A brand new contract deployed on Oct. 29 by Unibot, a preferred Telegram bot used to snipe trades on the decentralized change Uniswap, was reportedly exploited to hack roughly $560,000 in numerous memcoins from customers.
On Oct. 31, blockchain safety agency Scopescan alerted Unibot customers about an ongoing hack on Unibot that went undetected. An exploit on a newly deployed contract by Unibot drained the crypto holdings of a number of customers.
The present exploit dimension is ~$560K
— Scopescan ( . ) (@0xScopescan) October 31, 2023
Unibot later confirmed the hack by revealing preliminary particulars:
“We skilled a token approval exploit from our new router and have paused our router to comprise the problem.”
Amid ongoing investigations from Unibot and blockchain investigators, Scopescan suggested customers to revoke the approvals for the exploited contract (0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865) and transfer the funds to a brand new pockets.
As seen above, the market reacted negatively to the event because the UNIBOT (UNIBOT) token witnessed an instantaneous 42.7% drop in its worth in a single hour — from $57.56 to $32.94. Nevertheless, the token worth is making a restoration try on the time of writing.
We skilled a token approval exploit from our new router and have paused our router to comprise the problem.
Any funds misplaced because of the bug on our new router might be compensated. Your keys and wallets are secure.
We are going to launch an in depth response after investigations conclude.
— Unibot (@TeamUnibot) October 31, 2023
Unibot dedicated to compensating all customers that misplaced funds because of the contract exploit. Weekly transaction information reveals that cryptocurrencies comparable to Joe (JOE), UNIBOT and BeerusCat (BCAT) represented a significant a part of the loot.
Cointelegraph additionally discovered from Scopescan that the deal with 0x835B, which is an identical to the exploited deal with, was deployed and is getting used to obtain tokens from unsuspecting victims.
Unibot has not but responded to Cointelegraph’s request for remark.
The same contract exploit lately drained 280 ETH from users of Maestrobots, a bunch of cryptocurrency bots on the Telegram messenger app.
Within the following days, Maestrobots paid a complete of 610 ETH from its personal income to cowl all of the person losses whereas citing a scarcity of liquidity to purchase again the misplaced tokens:
“So we compensated affected customers with the ETH equal of their tokens, and boosted that quantity by 20% since you deserve it. These refunds price 334 ETH.”
Blockchain safety agency CertiK confirmed to Cointelegraph that it has been in a position to detect the transactions displaying the 334 ETH compensation paid out to customers from Maestro.