Unibot Hack: $560K Loss, Exploit Details, and Impact on Price

Introduction

Recent data reveals that Team Unibot, a trading bot enabling users to buy and sell tokens on Uniswap V3 through their Telegram apps, has fallen victim to an exploit. The hacker responsible for the attack has transferred meme coins from Unibot users and exchanged them for ETH, resulting in a loss of $560K.

Wallet Address and Activity

The wallet address associated with the hacker's transfers is 0x413e4fb75c300b92fec12d7c44e4c0b4faab4d04. This address currently holds a total balance of $583,762. It is worth noting that the wallet has been inactive for the most part, with a sudden surge in transfers occurring on October 31, 2023. The news of the hack has had a significant impact on the price of the UNIBOT token, causing it to plummet by over 40%.

Hack Details

According to a Beosin Alert, the exploit was made possible through a CALL injection, which allowed the attacker to send malicious call data to the 0xb2bd16ab() method, enabling them to move tokens approved for Unibot contracts. Additionally, the hacker has been receiving 1ETH gas from FixFloat, a cryptocurrency exchange known for its fast transactions. By exploiting users' cryptocurrencies, the attacker has been able to exchange them for Ethereum (ETH).

Unibot's Response

Unibot has issued an advisory to its users, acknowledging the token approval exploit that occurred on their new router. As a result, the usage of the router has been temporarily halted to prevent further damage. The team has assured users that any funds lost due to bugs on the new router will be compensated, and they have confirmed the safety of users' keys and wallets. A comprehensive report will be released once the investigation is concluded. In the meantime, Unibot advises its users to review and revoke any approvals for the contract 0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865 and transfer their funds to a new wallet as soon as possible.

Exploiter's Contract and Funding

The exploiter's contract was deployed by the Unibot team two days ago. It is worth noting that the exploiter received funding from fixfloat, a crypto mixer, approximately five months after the launch of Unibot.

Impact on Unibot

Following the news of the exploit, the price of Unibot has experienced a significant decline, dropping by 24.58% to $43.13 at the time of writing. However, the trading volume over the past 24 hours has seen a substantial increase of 927.29% to $37.12 million.