A new contract deployed on Oct. 29 by Unibot, a popular Telegram bot used to snipe trades on the decentralized exchange Uniswap, was reportedly exploited to hack roughly $560,000 in various memcoins from users.
On Oct. 31, blockchain security firm Scopescan alerted Unibot users about an ongoing hack on Unibot that went undetected. An exploit on a newly deployed contract by Unibot drained the crypto holdings of several users.
The current exploit size is ~$560K
— Scopescan ( . ) (@0xScopescan) October 31, 2023
Unibot later confirmed the hack by revealing initial details:
“We experienced a token approval exploit from our new router and have paused our router to contain the issue.”
Amid ongoing investigations from Unibot and blockchain investigators, Scopescan advised users to revoke the approvals for the exploited contract (0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865) and move the funds to a new wallet.
As seen above, the market reacted negatively to the development as the UNIBOT (UNIBOT) token witnessed an immediate 42.7% drop in its price in one hour — from $57.56 to $32.94. However, the token price is making a recovery attempt at the time of writing.
We experienced a token approval exploit from our new router and have paused our router to contain the issue.
Any funds lost due to the bug on our new router will be compensated. Your keys and wallets are safe.
We will release a detailed response after investigations conclude.
— Unibot (@TeamUnibot) October 31, 2023
Unibot committed to compensating all users that lost funds due to the contract exploit. Weekly transaction data shows that cryptocurrencies such as Joe (JOE), UNIBOT and BeerusCat (BCAT) represented a major part of the loot.
Cointelegraph also learned from Scopescan that the address 0x835B, which is identical to the exploited address, was deployed and is being used to receive tokens from unsuspecting victims.
Unibot has not yet responded to Cointelegraph’s request for comment.