Telegram's Bots Trading Causes Security Risks For Users, Needs Further Examination
JAKARTA - Telegram's trading bots, which have turned messaging platforms into pseudo crypto markets, pose a significant security risk for users and require further inspection, according to blockchain security firms.
Although such trade bots have existed for years, they have recently gained attention as crypto markets increase and related bot tokens are experiencing price increases, blockchain security firm CertiK told Cointelegraph.
The total market capitalization of Telegram bot tokens is close to $250 million, according to CoinGecko. The biggest one is Unibot; other popular bots including Wagie Bot and Mizar.
These bots are automatic programs running via Telegram, allowing users to trade on decentralized exchanges (DEX) by sending messages to bots through the application.
However, CertiK warns that many Telegram bots create crypto wallets for users, with only a few actually providing personal keys.
It is not clear whether the key is stored with accessibility by project employees, on users' devices, or backuped via Telegram.
"Iringan melihat, platform ini menawarkan opsi perdagangan DEX dengan volume tinggi, namun sebaiknya dianggap sebagai sangat berisiko dan tidak cukup untuk penyimpanan aset jangka menengah hingga jangka panjang," kata CertiK.
The market capitalization of the Unibot token reached more than US$185 million (Rp2.7 trillion), the largest Telegram bot token by market cap.
SEE ALSO:
Recent data show that Unibot users have been trading with a volume of 155 million US dollars (Rp1.7 trillion) through more than 230,000 transactions using the bot, according to Dune Analytics. Unibot users' daily trading volume since late May shows a spike around the end of July.
In a post on August 5, blockchain security firm Beosin also highlighted the security risks of bot usage, stating that their centralization is in danger of the user's private wallet key.
They added that the risk of further security stems from the large number of bots that do not unlock their source code or conduct security audits, and users can also lose control of their funds if their Telegram account is hacked.
Beosin recommends that these projects open their source code to facilitate security reviews and ensure better storage for users' private keys.