Author: @EatonAshton2, Beosin Security Researcher
After the market value of $UNIBOT surged from $30 million to $185 million (currently $110 million), players in the cryptocurrency market began to FOMO into Telegram bots and related tokens. $UNIBOT is a token issued by UNIBOT, which is a Telegram trading bot that allows users to interact with the bot to monitor liquidity pools, trade tokens, and copy others’ trades.
As UNIBOT has attracted more attention from the cryptocurrency market, various types of bots have emerged: LootBot is a bot that automatically searches for airdrops on different EVM chains. Bridge Bot aims to bridge users’ funds faster and more securely. MEVFree bot is designed to help users avoid MEV attacks when trading.
Today, let’s briefly discuss the recently popular Telegram bots and some security risks to be aware of.
- MIT How did Worldcoin acquire 500,000 early test users?
- Recent Overview of POW Projects Dynex, Microvision Chain, Neurai
- Polygon accuses zkSync of plagiarism Amidst the showdown between the two ZK giants, Manta claims that part of the controversy is the original creation of its employees.
Telegram Bots: Hype or Speculation?
We can see that Telegram bots are programs running on Telegram that provide different types of cryptocurrency services to meet the needs of degenerate players and airdrop players.
In the current deep bear market phase, many cryptocurrency users need to trade meme coins or dog coins in order to potentially gain several times or even tens of times in profit. In 2023, many influential meme coins have emerged, such as $Pepe, $Ordi, $Aidoge.
UNIBOT happens to be “a dog coin exchange” that provides centralized exchange services for on-chain dog players, and its token $UNIBOT has skyrocketed by several tens of times. Investors or speculators may claim that on July 23rd, UNIBOT’s 24-hour revenue reached 337.54 $ETH ($665,000), as shown in the following figure. Because UNIBOT charges a 5% sales tax when selling $UNIBOT tokens, and a 1% transaction fee when trading with UNIBOT, players who buy $UNIBOT will feel that UNIBOT is a project with real revenue.
https://dune.com/whale_hunter/unibot-revenue
However, about 80% of UNIBOT’s daily revenue comes from speculation on $UNIBOT, not from the usage of UNIBOT. If the hype around $UNIBOT subsides, daily earnings will decrease significantly. Currently, the average daily trading volume is around $4.6 million, with transaction fees amounting to approximately $46,000. The circulating supply of $UNIBOT is 10 million tokens, and the price of $UNIBOT is $110. The daily income per token is about $0.023, which actually indicates that $UNIBOT is not currently worth investing in.
https://dune.com/whale_hunter/unibot-revenue
Security Risks of Telegram Bots
1. Centralization
The risks of Telegram bots are similar to those of centralized exchanges. If users want to use Telegram bots, they need to import their private keys into these bots. During this process, other software may be able to read the user’s private keys from the clipboard. Furthermore, once users import their private keys into Telegram bots, their encrypted assets are no longer under their control.
2. Security Risks
Most Telegram bots are not open source and do not undergo third-party code audits. Potential vulnerabilities in bots can lead to asset losses. If a user’s Telegram account is compromised (phishing attacks against Telegram accounts do occur), the assets on Telegram bots can also be controlled by hackers.
During the Telegram bot frenzy, phishing and scams related to Telegram bots have been constantly emerging. These bots claim to be automatic trading or front-running bots, enticing users to import their private keys, and then transferring the users’ funds without their permission.
How to Improve Telegram Bots?
1. Open Source
Telegram bots should be open source and undergo security audits. Users need to understand the bots’ trading strategies or airdrop strategies through code, rather than relying on the project’s descriptions.
2. Enhanced Security
Telegram bots need to consider private key protection and build a more secure operating environment. For example, when storing private keys and signing transactions, it is recommended to use Multi-Party Computation (MPC) technology. Telegram bots can consider adding features to verify token contracts or collaborate with security companies to prevent users from participating in rug pulls and exit scams, thus safeguarding their assets.
Overall, Telegram bots can be powerful tools for traders, especially degenerate players, providing users with convenient and efficient cryptocurrency services. However, the associated tokens are not worth investing in. Users need to be aware of the risks of Telegram bots and should always exercise caution and conduct thorough research before using any trading bots.
Like what you're reading? Subscribe to our top stories.
We will continue to update Gambling Chain; if you have any questions or suggestions, please contact us!
