- The UNIBOT token saw its value drop by almost 35%.
- Beosin Alert claims that the root cause of the breach is a CALL injection.
Recent information suggests that the trading bot Team Unibot has been exploited. This bot allows DeFi users to purchase and sell tokens on Uniswap V3 without ever leaving their Telegram applications. In addition, the hacker seems to have traded meme coins from Unibot users for ETH. The tokens exploited are now worth $560k, which is a significant sum.
We experienced a token approval exploit from our new router and have paused our router to contain the issue.
— Unibot (@TeamUnibot) October 31, 2023
Any funds lost due to the bug on our new router will be compensated. Your keys and wallets are safe.
We will release a detailed response after investigations conclude.
There is a total of $583,762 in the wallet. In addition, the wallet address has remained dormant for the most part, with a spike in activity on October 31, 2023. The UNIBOT token, used in a cryptocurrency trading bot, saw its value drop by almost 35% when news of the attack spread and is currently trading at $40.2 as per data from CoinMarketCap.
New Router Disabled
Beosin Alert claims that the root cause of the breach is a CALL injection that enables an attacker to transfer tokens permitted for Unibot contracts by sending malicious call data to the 0xb2bd16ab() function.
The exploiter also seems to have been paid 1 ETH gas by FixFloat, a crypto exchange that allows for instantaneous trades. The exploiter is sending and receiving cryptocurrency from victims in exchange for Ethereum (ETH), according to data from Etherscan.
Unibot has issued a statement claiming that their new router was disabled after they saw a token approval exploit. The organization explained its choice by saying it would help reduce damage.
In addition, the company promised to reimburse consumers for any funds lost as a result of router flaws, and assured them that their remaining private keys and wallets are secure. As soon as the inquiry is finished, a full report will be made public.