The Unibot hacker has moved $630,000 of the stolen funds from the favored Telegram buying and selling bot by way of the sanctioned mixing protocol Twister Money, on-chain knowledge exhibits.
In an Oct. 31 put up on X(previously Twitter), the Unibot group confirmed that the platform suffered a “token approval exploit” on its new router.
“We skilled a token approval exploit from our new router and have paused our router to comprise the problem,” Unibot mentioned.
The hack resulted in Unibot’s native UNIBOT token tanking by greater than 30% to as little as $32.94 earlier than recovering to $46.02 as of press time, in accordance with crypto-news’s knowledge.
How Unibot was exploited
Whereas the buying and selling bot group failed to offer details about the quantity stolen, stories from crypto safety agency Cyvers Alerts estimated that the hacker took round 345 Ethereum (ETH), equal to $630,000, from the platform.
Cyvers Alerts mentioned the attacker was funded by way of Fastened Float and that:
“The foundation trigger [of the hack] seems to be the absence of enter for the ‘transferFrom’ operate to switch tokens which have been granted approval to the contract.”
Nonetheless, the Unibot group has tried to downplay the impact of the incident, assuring victims that they are going to be compensated and that their “keys and wallets are secure.”
“We are going to launch an in depth response after investigations conclude,” Unibot added.
Fund motion
Information from Debank exhibits that the pockets related to Unibot exploiter first exchanged all the stolen digital belongings, together with meme cash, for Ethereum by way of decentralized change platforms like Uniswap and 1inch.
Subsequently, the attacker then transferred all of those ETH by way of Twister Money in an try and obfuscate his transaction path.
The pockets solely has about $69 price of digital belongings left in its holding as of press time.