There are still too many unknowns over how various Telegram trading bots store private keys, blockchain security firms told Cointelegraph.
Telegram trading bots, which have been turning the messaging platform into a quasi-crypto marketplace, pose significant security risks for users and require further scrutiny, according to blockchain security firms.
While such trading bots have existed for years, they’ve recently gained attention as crypto markets gain and the associated bot tokens rise in price, blockchain security firm CertiK told Cointelegraph.
As of the time of writing, the combined market capitalization of Telegram bot tokens is nearing $250 million, according to CoinGecko. The largest of the pack is Unibot; other popular bots include Wagie Bot and Mizar.
The bots are automated programs that run through Telegram, allowing users to make trades on decentralized exchanges (DEXs) by sending messages to them through the app.
Telegram bot tokens will be the next crypto meta in the coming 1-2 months. Agree or disagree? https://t.co/LewLnlivSm
— Bobby Ong (@bobbyong) July 19, 2023
CertiK, however, warned that many Telegram bots create crypto wallets for users, with only some actually providing the private key.
It’s unclear whether the keys are stored where project employees can access them, on the user’s device, or backed up through Telegram.
“While these platforms offer high-volume DEX trading options, they should be considered extremely high-risk and unsuitable for medium to long-term storage of assets,” CertiK said.
The Unibot token’s market capitalization is over $185 million, making it the largest Telegram bot token by market cap.
In an Aug. 5 post, blockchain security firm Beosin also highlighted the security risks of using the bots, claiming their centralization posed a risk to a user’s private wallet keys.
It added that further security risks come from many of the bots neither open-sourcing their code nor undertaking security audits, and that a user could also lose control of their funds if their Telegram account is hacked.
Beosin recommended that projects open-source their code to make security reviews easier and ensure better storage of users’ private keys.