Unibot suffers token approval exploit, token is down 25%

The Unibot team says funds lost due to the bug on the new router ‘will be compensated.’

Telegram trading crypto bot Unibot has suffered a token approval exploit, resulting in a loss of $642,000 worth of crypto.

In an X post on Tuesday, Oct. 31, the Unibot team acknowledged the attack, saying the hacker exploited the token approval mechanism in the new router. The team has paused the router “to contain the issue.”

We experienced a token approval exploit from our new router and have paused our router to contain the issue.

Any funds lost due to the bug on our new router will be compensated. Your keys and wallets are safe.

We will release a detailed response after investigations conclude.

— Unibot (@TeamUnibot) October 31, 2023

According to reports, the exploiter stole over 356 Ethereum (ETH) worth around $642,000 at the time of writing. After the attack, the stolen funds have been moved to Tornado Cash, a sanctioned cryptocurrency mixing protocol on the Ethereum blockchain.

Shortly after the news broke, Unibot’s native token crashed by 25.5% down to $42.7, according to data from CoinGecko.

Telegram trading bots

Unibot is a Telegram bot that allows users to trade crypto right in the messenger by connecting their non-custodial wallets to Uniswap V3. The bot executes trades on behalf of a user with token pool contracts.

As crypto.news earlier reported, the other Telegram bot, Maestro, also fell victim to a security breach, resulting in the theft of more than 280 ETH, valued at approximately $500,000. In the aftermath, Maestro initiated a refund strategy. Users who lost tokens during the exploit reportedly received total compensation, with some even receiving more than their initial holdings.