On-chain analytics firm LookOnChain reported that an attacker has exploited a vulnerability in Unibot – a cryptocurrency trading bot – and has already drained over $600,000 worth of user funds.
Unibot enables automated trading via customized strategies. However, a hacker discovered an access point and has started siphoning assets from connected users’ wallets.
According to on-chain transaction data, the hacker continues moving user funds from Unibot into their own wallet before selling them for ETH on decentralized exchanges. Each transfer represents assets being stolen from a Unibot user.
The issue was exacerbated by excessive permissions granted to the Unibot smart contracts, allowing the exploiter full access once the vulnerability was uncovered.
The reports of the hack caused Unibot’s native token, UNIBOT, to crash over 40%, plunging from $58 down to $36 before stabilizing around $43. The breach of trust has severely damaged community confidence, despite the project’s claims that funds are “safu.”
LookOnChain advises all Unibot users to immediately revoke contract approvals and move funds out of the platform to protect against further loss. Do not rely on Unibot to safeguard your holdings until the issues are transparently resolved.
Read also:
- Are TRB Whales Stockpiling? Large Exchange Withdrawals Precede 43% Tellor Pump
- Top 5 Cryptocurrencies with Potential to Outperform Bitcoin
- Rollbit (RLB) Surges to New Highs as Analysts Eye Potential Rally to $1, but There’s a Catch
The incident highlights the need for cautious permissions when approving third-party smart contracts to limit damage from potential exploits like this. Audit reports also cannot guarantee safety, as new vulnerabilities can emerge later.
We recommend eToro
Wide range of assets: cryptocurrencies alongside other investment products such as stocks and ETFs.
Copy trading: allows users to copy the trades of leading traders, for free.
User-friendly: eToro’s web-based platform and mobile app are user-friendly and easy to navigate.