Telegram Bot Banana Gun to Refund $3 Million to 11 Hack Victims

Banana Gun Hack Telegram Bot
Banana Gun, a Telegram crypto trading bot, will refund $3 million to hack victims, reassuring users and boosting the value of its BANANA token.
Last updated:
Journalist
Journalist
Hassan Shittu
About Author

Hassan, a Cryptonews.com journalist with 6+ years of experience in Web3 journalism, brings deep knowledge across Crypto, Web3 Gaming, NFTs, and Play-to-Earn sectors. His work has appeared in...

Last updated:
Why Trust Cryptonews
With over a decade of crypto coverage, Cryptonews delivers authoritative insights you can rely on. Our veteran team of journalists and analysts combines in-depth market knowledge with hands-on testing of blockchain technologies. We maintain strict editorial standards, ensuring factual accuracy and impartial reporting on both established cryptocurrencies and emerging projects. Our longstanding presence in the industry and commitment to quality journalism make Cryptonews a trusted source in the dynamic world of digital assets. Read more about Cryptonews

Banana Gun, a popular Telegram-based crypto trading bot, recently suffered a significant hack, resulting in a $3 million loss for 11 users.

Despite this setback, the platform has announced that it will fully compensate all affected users from its treasury without selling any tokens.

This swift response has reassured the community, resulting in a sharp recovery in the value of the platform’s native BANANA token, which surged by 7% following the announcement.

Banana Gun Hack: How Did $3 Million Get Lost?

The attack, which targeted veteran crypto traders with substantial social media presence, unfolded when users noticed manual transfers of Ethereum (ETH) from their wallets while interacting with Banana Gun’s bots.

The Ethereum Virtual Machine (EVM) and Solana versions of the bot were affected despite operating on independent codebases.

Victims reported receiving real-time notifications from the bot as the attackers drained their wallets.

In response to the breach, the Banana Gun team acted quickly, shutting down the bot to prevent further losses.

No further attacks occurred after the bot was taken offline, signaling that the immediate threat had been contained.

The team then conducted a thorough investigation in collaboration with external security experts, including the Web3 security firm Security Alliance.

The investigation revealed that the attackers had exploited a vulnerability in the Telegram message oracle, allowing them to initiate ETH transfers from users’ wallets manually.

The nature of the attack, with manual transfers instead of automated drains, suggested a highly targeted operation aimed at “smart money” traders and individuals well-versed in crypto trading.

The fact that seasoned traders were the primary victims indicated that the attackers had chosen their targets carefully, possibly leveraging their public profiles or known trading habits.

Security Enhancements Restore User’s Confidence

Following the investigation, Banana Gun implemented several critical security measures to prevent future breaches.

One of the most significant changes was the introduction of a two-hour transfer delay, which would give users time to react in case of suspicious activity.

Additionally, the platform added two-factor authentication (2FA) for all transfers to enhance user transaction security.

The team also reviewed the backend and frontend systems comprehensively, redeploying the bot’s infrastructure on new servers to eliminate any lingering vulnerabilities.

These changes ensured Banana Gun’s systems were more robust and resistant to future attacks.

The team’s proactive approach to security, including planned penetration testing and additional audits, has helped restore users’ confidence.

In a statement, Banana Gun emphasized that all affected users would be fully refunded from the platform’s treasury without selling any BANANA tokens.

As news of the refund spread, the price of BANANA tokens surged by 7%, indicating that the market had responded positively to the team’s handling of the crisis.

Source: CoinGecko

This is one of many this month. Similarly, a Singapore-based crypto exchange, BingX, confirmed a security breach after detecting suspicious outflows from one of its hot wallets. The hack resulted in a $43 million loss, affecting Ethereum, BNB, and MATIC assets.

The same goes for Indodax, an Indonesian cryptocurrency exchange hacked on September 11, which stole approximately $22 million in digital assets from its hot wallets.

Blockchain analytics firm SlowMist revealed that the stolen tokens were quickly converted into Ethereum, TRON, Polygon, and Bitcoin, complicating recovery efforts.

Although the exchange has resumed operation but the damage has been done, and security has been improved.

More Articles

Blockchain News
Telegram Bot Banana Gun Users Lose 500 ETH to Hack – What’s Going On?
Jimmy Aki
Jimmy Aki
2024-09-19 17:54:00
Altcoin News
Hackers Exploit Automated Email Replies to Deploy Stealthy Crypto Mining Malware
Ruholamin Haqshanas
Ruholamin Haqshanas
2024-09-25 14:08:01
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors