Telegram Bot Banana Gun to Refund $3 Million to 11 Hack Victims
Banana Gun, a popular Telegram-based crypto trading bot, recently suffered a significant hack, resulting in a $3 million loss for 11 users.
Despite this setback, the platform has announced that it will fully compensate all affected users from its treasury without selling any tokens.
This swift response has reassured the community, resulting in a sharp recovery in the value of the platform’s native BANANA token, which surged by 7% following the announcement.
Banana Gun Hack: How Did $3 Million Get Lost?
The attack, which targeted veteran crypto traders with substantial social media presence, unfolded when users noticed manual transfers of Ethereum (ETH) from their wallets while interacting with Banana Gun’s bots.
The Ethereum Virtual Machine (EVM) and Solana versions of the bot were affected despite operating on independent codebases.
Victims reported receiving real-time notifications from the bot as the attackers drained their wallets.
In response to the breach, the Banana Gun team acted quickly, shutting down the bot to prevent further losses.
No further attacks occurred after the bot was taken offline, signaling that the immediate threat had been contained.
The team then conducted a thorough investigation in collaboration with external security experts, including the Web3 security firm Security Alliance.
The investigation revealed that the attackers had exploited a vulnerability in the Telegram message oracle, allowing them to initiate ETH transfers from users’ wallets manually.
The nature of the attack, with manual transfers instead of automated drains, suggested a highly targeted operation aimed at “smart money” traders and individuals well-versed in crypto trading.
The fact that seasoned traders were the primary victims indicated that the attackers had chosen their targets carefully, possibly leveraging their public profiles or known trading habits.
Security Enhancements Restore User’s Confidence
Following the investigation, Banana Gun implemented several critical security measures to prevent future breaches.
One of the most significant changes was the introduction of a two-hour transfer delay, which would give users time to react in case of suspicious activity.
Additionally, the platform added two-factor authentication (2FA) for all transfers to enhance user transaction security.
The team also reviewed the backend and frontend systems comprehensively, redeploying the bot’s infrastructure on new servers to eliminate any lingering vulnerabilities.
These changes ensured Banana Gun’s systems were more robust and resistant to future attacks.
The team’s proactive approach to security, including planned penetration testing and additional audits, has helped restore users’ confidence.
In a statement, Banana Gun emphasized that all affected users would be fully refunded from the platform’s treasury without selling any BANANA tokens.
As news of the refund spread, the price of BANANA tokens surged by 7%, indicating that the market had responded positively to the team’s handling of the crisis.
This is one of many this month. Similarly, a Singapore-based crypto exchange, BingX, confirmed a security breach after detecting suspicious outflows from one of its hot wallets. The hack resulted in a $43 million loss, affecting Ethereum, BNB, and MATIC assets.
The same goes for Indodax, an Indonesian cryptocurrency exchange hacked on September 11, which stole approximately $22 million in digital assets from its hot wallets.
Blockchain analytics firm SlowMist revealed that the stolen tokens were quickly converted into Ethereum, TRON, Polygon, and Bitcoin, complicating recovery efforts.
Although the exchange has resumed operation but the damage has been done, and security has been improved.