Unibot Hacked: How Should Telegram Users Secure Their Assets?
TechFlow Selected TechFlow Selected
Unibot Hacked: How Should Telegram Users Secure Their Assets?
This article will provide specific details about the incident, as well as recommendations on how to protect your assets securely on Telegram.
Navigating Web3 tides with focused insightsThe popular Telegram trading tool Unibot has become the latest victim in an ever-growing series of cryptocurrency attacks.
Unibot acknowledged being attacked on October 31 due to a token approval vulnerability in its new router. In an official announcement, Unibot stated: “A token approval vulnerability was discovered in the new router, and Unibot has temporarily suspended the new router to resolve this issue. Any financial losses caused by the error in the new router will be compensated; user keys and wallets remain secure, and a detailed response will be released after the investigation.” The exploit reportedly resulted in losses exceeding $630,000. This article from veDAO Research Institute brings you the specifics of the incident, along with recommendations on how to protect your assets on Telegram.
What Happened in the Unibot Attack
On October 31, blockchain analytics firm Scopescan alerted Unibot users that the platform was undergoing an ongoing, previously undetected attack. A vulnerability in one of Unibot’s recently deployed contracts led to multiple users’ cryptocurrency balances being drained.
Shortly afterward, Unibot issued the announcement mentioned earlier, revealing initial details of the breach and confirming the attack stemmed from a token approval flaw in the new router.
Scopescan urged users to revoke approvals for the exploited contract (0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865) and transfer their funds to a new wallet, to support ongoing investigations by Unibot and blockchain analysts.
Unibot pledged to compensate all users who suffered financial losses due to the contract vulnerability. The attack began at 12:39:23 Beijing time on October 31 and lasted until 14:09:47 the same day. During this period, the attacker executed 22 malicious transactions, draining 42 different tokens from 364 victim addresses via the router. The exploited tokens were then sold, yielding a total of 355.5 ETH. All 355.5 ETH have since been transferred to Tornado.Cash. Weekly transaction data shows affected cryptocurrencies included Joe (JOE), UNIBOT, and BeerusCat (BCAT), among others.
UNIBOT Drops Nearly 40%
Although Unibot has promised compensation, the news of the hack still triggered a sharp price drop. According to CoinMarketCap, UNIBOT plummeted from $58.34 to a low of $35.94 following the incident—a maximum decline of 38%. Prices later slightly recovered, hovering around $42. Notably, despite strong panic selling, whales and smart money took advantage of the dip to accumulate significant amounts of UNIBOT.
Aftermath
On November 1, Unibot announced via Telegram that the vulnerability had been fully resolved and operations had reverted to the old router. The platform is now secure and functioning normally. However, returning assets to affected users will take some time. Unibot is currently conducting final simulation rounds, implementing additional measures to ensure complete and accurate reimbursement of users' tokens. The announcement noted that over 100 different tokens were impacted, making the refund process longer than expected. Due to varying scales and liquidity across these tokens, reimbursements will ultimately be delivered as a combination of native tokens plus ETH.
What Is Unibot?
Unibot is a trading bot integrated within Telegram. Users can interact with the bot through chat commands to execute on-chain token trades on Uniswap, including token swaps, copy trading, limit orders, and private transactions. Unibot has gained popularity on Telegram for its user-friendly interface. In short, it enables users to trade between different tokens without leaving their messaging app. Additionally, users can leverage MEV protection and replicate other traders’ strategies. The app’s native token surged to an astonishing $236 in mid-August, reflecting its high popularity.
Learn more about Unibot:
https://app.vedao.com/projects/11af33a7c6ee5c9bae19219a682f7a0749779794c4a8ffdee61c16f7d2939b4b
Telegram Bots
Beyond Unibot, many other Telegram bots—such as Mizar, Banana Gun, Maestro, and Wagie Bot—have amassed large user bases. Telegram bots are automated programs running within the Telegram chat interface. They can execute trades, provide market data, analyze sentiment on social media, and interact with smart contracts via commands issued through Telegram. These bots have existed for years but have recently gained attention with the rise of Telegram bot tokens.
Telegram bot tokens are native tokens integrated into Telegram bots, primarily enabling diverse trading functions such as executing DEX trades, managing cross-wallet portfolios, liquidity mining, and other DeFi-related operations. These tokens essentially allow users to access the entire DeFi ecosystem directly through interactions with the Telegram interface.
Starting in late July this year, the popularity of these tokens surged dramatically, with some seeing gains exceeding 1000%. Following Unibot’s emergence, numerous other Telegram bot tokens entered the scene. Currently, CoinMarketCap lists 73 Telegram bot tokens.
Unibot – A New Frontier for Crypto Security Risks
The recent Unibot vulnerability highlights a permissions flaw in its smart contract, potentially allowing unauthorized movement of users’ tokens beyond intended restrictions—raising serious security concerns.
Before transferring stolen assets to Tornado.Cash, the attackers first moved them to decentralized exchange Uniswap. In the crypto world, Tornado.Cash has frequently been central to high-profile hacks and exploits. Several members of the protocol’s development team were charged in August this year with aiding hackers in laundering over $1 billion, including funds linked to North Korean entities. Since those arrests and subsequent penalties, usage of the privacy protocol has dropped by 90%.
Just one week before the Unibot attack, some LastPass users reported losing $4.4 million in cryptocurrency. Security experts suggest this may stem from a LastPass vulnerability disclosed in December last year. Despite frequent breaches over the past ten months, many find these incidents puzzling due to their seemingly random nature.
Another major weakness in the cryptocurrency space lies in cross-chain bridges—platforms enabling asset transfers between incompatible networks. Exactly, a lending platform relying on Optimism, was hacked in August this year, losing $7 million. Axie Infinity’s Ronin bridge was exploited in March 2022, resulting in approximately $622 million in losses. Similarly, the Wormhole cryptocurrency platform suffered a breach where hackers stole a staggering $320 million.
These recurring incidents continuously remind us that as cryptocurrency moves toward mainstream adoption, such security challenges remain unavoidable hurdles.
How to Protect Your Assets on Telegram
Telegram has become one of the most widely used messaging platforms in the crypto community. Nearly every major blockchain project and cryptocurrency community maintains a Telegram account, creating channels and groups to foster interaction and community building. Telegram’s widespread use makes it a valuable tool for crypto enthusiasts to learn more and discuss their favorite projects—but it also attracts the attention of hackers.
Let’s review common cryptocurrency scams on Telegram and how to safeguard your assets:
Phishing and Message Scams
On Telegram, phishing often takes the form of “smishing” (SMS phishing), aiming to extract sensitive data—often targeting high-profile individuals through “whaling” or “spear phishing” attacks.
Telegram phishing scams typically involve sending deceptive messages—either broadly to as many people as possible, or specifically targeting individuals to steal sensitive information through spear phishing or whaling attacks aimed at organizations and prominent figures.
Off-Platform Scams
These scams lure users off the platform by prompting them to click links, potentially tricking them into sharing personal information or downloading malware.
Impersonation Scams
Scammers create fake Telegram channels or groups mimicking legitimate ones, deceiving users into believing they are part of the real community. You can verify authenticity by enabling admin-only posting in settings and restricting who can add you to channels.
Impostor Crypto Experts
Scammers pose as crypto experts on Telegram, promising high returns. They often disappear immediately after collecting users’ login credentials.
Pump-and-Dump Schemes
These scams promote events that could influence prices, urging users to invest or sell. Exercise caution when receiving unsolicited investment advice via private messages.
Telegram Bots
While Telegram bots can be useful, some hackers create counterfeit versions. Avoid bots that pressure you into immediate action, verify their phone numbers and posted content, and never share sensitive information.
Tech Support Scams
Scammers impersonate support staff within Telegram channels. Never share confidential information with supposed support personnel, whether they are bots or real individuals.
Fake Giveaways
Be wary of giveaways that ask for bank details or require payment to claim a prize—these are often scams.
Given that Telegram hosts nearly all major cryptocurrency projects and countless communities, scammers view it as a prime hunting ground. Therefore, avoiding disclosure of personal information, refraining from wire transfers, and not clicking suspicious links are crucial.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
@TrendX_official
