Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
Telegram Bot Banana Gun to Refund $3 Million to 11 Hack Victims

Telegram Bot Banana Gun to Refund $3 Million to 11 Hack Victims

CryptoNewsCryptoNews2024/09/25 21:51
By:Hassan Shittu

Banana Gun, a Telegram crypto trading bot, will refund $3 million to hack victims, reassuring users and boosting the value of its BANANA token.

Last updated:
September 25, 2024 11:31 EDT

Banana Gun, a popular Telegram-based crypto trading bot, recently suffered a significant hack , resulting in a $3 million loss for 11 users.

Despite this setback, the platform has announced that it will fully compensate all affected users from its treasury without selling any tokens.

This swift response has reassured the community, resulting in a sharp recovery in the value of the platform’s native BANANA token, which surged by 7% following the announcement.

Banana Gun Hack: How Did $3 Million Get Lost?

The attack, which targeted veteran crypto traders with substantial social media presence, unfolded when users noticed manual transfers of Ethereum (ETH) from their wallets while interacting with Banana Gun’s bots.

The Ethereum Virtual Machine (EVM) and Solana versions of the bot were affected despite operating on independent codebases.

Victims reported receiving real-time notifications from the bot as the attackers drained their wallets.

In response to the breach, the Banana Gun team acted quickly, shutting down the bot to prevent further losses.

No further attacks occurred after the bot was taken offline, signaling that the immediate threat had been contained.

The team then conducted a thorough investigation in collaboration with external security experts, including the Web3 security firm Security Alliance.

The investigation revealed that the attackers had exploited a vulnerability in the Telegram message oracle, allowing them to initiate ETH transfers from users’ wallets manually.

The nature of the attack, with manual transfers instead of automated drains, suggested a highly targeted operation aimed at “smart money” traders and individuals well-versed in crypto trading.

The fact that seasoned traders were the primary victims indicated that the attackers had chosen their targets carefully, possibly leveraging their public profiles or known trading habits.

BOT INCIDENT RECAP

First of all, we’re humbled by the incredible bot activity on Banana Gun, even after last week’s incident. Thank you all for your patience and trust. We take this as a testament that we're handling the situation properly. As previously mentioned, our EVM and…

— Banana Gun 🍌🔫 (@BananaGunBot) September 24, 2024

Security Enhancements Restore User’s Confidence

Following the investigation, Banana Gun implemented several critical security measures to prevent future breaches.

One of the most significant changes was the introduction of a two-hour transfer delay, which would give users time to react in case of suspicious activity.

Additionally, the platform added two-factor authentication (2FA) for all transfers to enhance user transaction security.

The team also reviewed the backend and frontend systems comprehensively, redeploying the bot’s infrastructure on new servers to eliminate any lingering vulnerabilities.

EVM AND SOLANA BOT ONLINE

Both our EVM and Solana bots are back online, with an additional safety measure of a 6-hour transfer delay now in place. We will also be monitoring activity 24/7.

Thank you all for your patience and trust. The team will refund all victims of the…

— Banana Gun 🍌🔫 (@BananaGunBot) September 20, 2024

These changes ensured Banana Gun’s systems were more robust and resistant to future attacks.

The team’s proactive approach to security, including planned penetration testing and additional audits, has helped restore users’ confidence.

In a statement, Banana Gun emphasized that all affected users would be fully refunded from the platform’s treasury without selling any BANANA tokens.

As news of the refund spread, the price of BANANA tokens surged by 7%, indicating that the market had responded positively to the team’s handling of the crisis.

Source: CoinGecko

This is one of many this month. Similarly, a Singapore-based crypto exchange, BingX, confirmed a security breach after detecting suspicious outflows from one of its hot wallets. The hack resulted in a $43 million loss , affecting Ethereum, BNB, and MATIC assets.

The same goes for Indodax, an Indonesian cryptocurrency exchange hacked on September 11, which stole approximately $22 million in digital assets from its hot wallets.

Blockchain analytics firm SlowMist revealed that the stolen tokens were quickly converted into Ethereum, TRON, Polygon, and Bitcoin, complicating recovery efforts.

🚨SlowMist Security Alert🚨

Indonesian crypto exchange @indodax suffered an attack a few hours ago, with the hacker stealing various tokens from hot wallets. The total loss is approximately $22 million💸. Below are the details of the losses⬇️ pic.twitter.com/r4i0rBbctJ

— SlowMist (@SlowMist_Team) September 11, 2024

Although the exchange has resumed operation but the damage has been done, and security has been improved.

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!