The Unibot hacker has moved $630,000 of the stolen funds from the favored Telegram buying and selling bot through the sanctioned mixing protocol Tornado Cash, on-chain information reveals.
In an Oct. 31 post on X(previously Twitter), the Unibot workforce confirmed that the platform suffered a “token approval exploit” on its new router.
“We experienced a token approval exploit from our new router and have paused our router to contain the issue,” Unibot stated.
The hack resulted in Unibot’s native UNIBOT token tanking by greater than 30% to as little as $32.94 earlier than recovering to $46.02 as of press time, in response to CryptoSlate’s information.
How Unibot was exploited
Whereas the buying and selling bot workforce failed to supply details about the quantity stolen, experiences from crypto safety agency Cyvers Alerts estimated that the hacker took round 345 Ethereum (ETH), equal to $630,000, from the platform.
Cyvers Alerts stated the attacker was funded by way of Fastened Float and that:
“The root cause [of the hack] appears to be the absence of input for the ‘transferFrom’ function to transfer tokens that have been granted approval to the contract.”
Nevertheless, the Unibot workforce has tried to downplay the impact of the incident, assuring victims that they are going to be compensated and that their “keys and wallets are safe.”
“We will release a detailed response after investigations conclude,” Unibot added.
Data from Debank reveals that the pockets related to Unibot exploiter first exchanged all of the stolen digital property, together with meme cash, for Ethereum by way of decentralized trade platforms like Uniswap and 1inch.
Subsequently, the attacker then transferred all of these ETH by way of Tornado Cash in an try to obfuscate his transaction path.
The pockets solely has about $69 value of digital property left in its holding as of press time.