How to prevent phishing and fraud related to Telegram robots?

This article was written by @EatonAshton2, Beosin Security Researcher

After $UNIBOT's market capitalization surged from $30 million to $185 million (currently at $110 million), players in the crypto market started FOMOing Telegram bots and related tokens. $UNIBOT is a token issued by UNIBOT. UNIBOT is a Telegram trading robot. Users can interact with the robot to monitor liquidity pools, trade tokens and copy other people's transactions.

As UNIBOT has gained more and more attention in the cryptocurrency market, various types of bots have emerged: **LootBot is a bot that automatically searches for airdrops on different EVM chains. Bridge Bot is designed to bridge users' funds faster and more securely. The MEVFree robot is designed to help users avoid MEV attacks when trading.**

Today we will briefly discuss the recently popular Telegram bots and how to guard against the security risks they bring.

UNIBOT explodes, how to prevent phishing and fraud related to Telegram robots?

Telegram Bots, Hype or Speculation?

Telegram bots are programs that run on Telegram and provide different types of crypto services to meet the needs of degen players and airdrop players.

In the current deep bear stage, many crypto users need to trade altcoins or Dogecoins to obtain profits of several times or even dozens of times. Many influential meme coins have been born in 2023, such as $Pepe, $Ordi and $Aidoge.

UNIBOT happens to be "a native dog exchange", providing centralized exchange services for native dog players on the chain, and its token $UNIBOT has skyrocketed dozens of times. An investor or speculator might claim that UNIBOT's 24-hour revenue reached 337.54 $ETH ($665,000) on July 23, as shown in the chart below. Because UNIBOT charges a 5% sales tax when $UNIBOT tokens are sold and a 1% transaction fee on trades made through UNIBOT, players who buy $UNIBOT will feel that UNIBOT is a project with real income.

However, approximately 80% of the daily revenue generated by UNIBOT comes from speculation in $UNIBOT, not from usage of UNIBOT. If the hype around $UNIBOT stops, daily earnings will drop significantly. The average daily transaction volume is now about $4.6 million, and transaction fees are about $46,000. The circulation of $UNIBOT is 10 million, and the price of $UNIBOT is $110. The daily income per token is about $0.023, which actually shows that $UNIBOT is not worth investing in right now.

Security Risks of Telegram Bots

1. Centralization

The risks of a Telegram bot are the same as those of a centralized exchange. If users want to use Telegram bots, **they need to import their private keys into these bots. During this process, other software may read the user's private key from the clipboard. In addition, once the user imports the private key into the Telegram bot, their crypto assets are no longer under their control.**

2. Security risk

Most Telegram bots are not open source, and there are no third-party code audits. **Potential bugs in bots may result in loss of assets. If a user's Telegram account is compromised (phishing attacks against Telegram accounts happen from time to time), then the assets on the Telegram bot will also be under the hacker's control.**

**During the Telegram bot craze, phishing and scams about Telegram bots are on the rise. Claiming to be automated trading or anti-front-running, these bots trick users into importing private keys and then transfer users' funds without their permission.**

**How to improve Telegram bots?**

1. Open source

Telegram bots should be open-sourced and subject to security review. Users need to be able to understand the robot's trading strategy or airdrop strategy from the code rather than from the project team's description.

2. Security Enhancement

Telegram bots need to protect private keys and build a more secure operating environment. For example, when storing private keys and signing transactions, it is recommended to use MPC (Multi-Party Computation) technology. Telegram bots can also consider adding a function for verifying token contracts, or cooperating with security companies, to prevent users from losing assets to "Pixiu" (honeypot) tokens and rug pulls.

Overall, Telegram bots can be a powerful tool for traders, especially degen players, providing users with convenient and efficient crypto services, but the related tokens are not worth investing in. Users need to be aware of the risks of Telegram bots, and should always be careful and do sufficient research before using any trading bot.