October 31, 2023 at 11:58 GMT | Modified date: October 31, 2023 at 11:58 GMT

Unibot hacker uses Tornado Cash to convert stolen crypto to $ETH

The Unibot team confirmed a token approval exploit early in the morning today. The malicious actor used Tornado Cash to swap the stolen crypto for Ether ($ETH).

The Unibot team confirmed experiencing a token approval exploit early in the morning today, 31 October.

Unibot is a Telegram bot that enables users to trade crypto tokens on Uniswap v3 directly from the Telegram messaging app. It is a Leveraged Liquidity Provision (LLP) platform developed for Uniswap v3 by Diamond Protocol, a DeFi protocol focused on modelling on-chain structured products.

While the team paused its router to contain the issue, the hacker appears to have made off with just over $630,000 in crypto assets.

As reported by PeckShield, the malicious actor's first move was to use Tornado Cash to swap the stolen crypto for Ether ($ETH). The hacker now has around 355.75 $ETH in their wallet, which makes up the majority of the holdings, followed by $USDC.

Soon after news of the exploit broke, the price of the Unibot token ($UNI) fell by over 25%, dropping from $56 to trade around $43 at press time.

Back in August, $UNI hit its all-time high of $236, attracting the interest of investors as the protocol generated a significant amount of revenue.

Unibot has promised that users affected by the router exploit will be fully compensated. It also assured users that their keys and wallets were all safe. A detailed response will be released after the team concludes its investigation.

The attack follows last week’s LastPass hack, in which users lost $4.4 million worth of crypto. At least 80 crypto wallets have been compromised in relation to the hack, with funds stolen from the Bitcoin, Ethereum, BNB, Arbitrum, Solana and Polygon blockchains.

Tornado Cash, on the other hand, has been the epicentre of most of the recent exploits. While it is often used in a legitimate way by people to protect their privacy in the crypto market, it has also attracted a lot of attention from malicious actors because of its anonymising feature that conceals the identity of the buyer.

The privacy protocol is increasingly associated with attacks and hacks, where it is used to obscure the origin of funds transacted through it. Two of its founders were accused of money laundering and sanctions violations back in August this year.

In a joint action, the Federal Bureau of Investigation, the Justice Department and the Internal Revenue Service’s Criminal Investigation unit charged Roman Storm and Roman Semenov with laundering more than $1 billion in criminal proceeds. The allegation tied the two developers to their work with the privacy mixer that “facilitated” a large sum in money laundering, including “hundreds of millions” for North Korea’s Lazarus Group.

Linked to the North Korean government, the Lazarus Group is known for having stolen nearly $2bn worth of crypto since 2018, according to a TRM report.

Tornado Cash was also sanctioned last year by the US Treasury Department’s Office of Foreign Assets Control (OFAC) following allegations that the Lazarus Group was laundering the funds from multiple crypto hacks through it. US Attorney Damian Williams said in a statement that Tornado Cash and its operators “knowingly facilitated” money laundering.

Following this, the crypto mixer’s overall usage dropped 90% as per another report published by TRM earlier this month. This year, transactions worth $425m flowed through Tornado Cash from February to July 2023. However, during the same period last year, the volumes were at $2.8bn.