The Unibot hacker has moved $630,000 of the stolen funds from the popular Telegram trading bot through the sanctioned mixing protocol Tornado Cash, on-chain data shows.

In an Oct. 31 post on X(formerly Twitter), the Unibot team confirmed that the platform suffered a “token approval exploit” on its new router.

“We experienced a token approval exploit from our new router and have paused our router to contain the issue,” Unibot said.

The hack resulted in Unibot’s native UNIBOT token tanking by more than 30% to as low as $32.94 before recovering to $46.02 as of press time, according to CryptoSlate’s data.

How Unibot was exploited

While the trading bot team failed to provide information about the amount stolen, reports from crypto security firm Cyvers Alerts estimated that the hacker took around 345 Ethereum (ETH), equivalent to $630,000, from the platform.

Cyvers Alerts said the attacker was funded via Fixed Float and that:

“The root cause [of the hack] appears to be the absence of input for the ‘transferFrom’ function to transfer tokens that have been granted approval to the contract.”

However, the Unibot team has tried to downplay the effect of the incident, assuring victims that they will be compensated and that their “keys and wallets are safe.”

“We will release a detailed response after investigations conclude,” Unibot added.

Fund movement

Data from Debank shows that the wallet associated with Unibot exploiter first exchanged all of the stolen digital assets, including meme coins, for Ethereum via decentralized exchange platforms like Uniswap and 1inch.

Subsequently, the attacker then transferred all of these ETH via Tornado Cash in an attempt to obfuscate his transaction trail.

The wallet only has about $69 worth of digital assets left in its holding as of press time.