Telegram bot Banana Gun promises to reimburse victims after a $3 million hack

Telegram trading bot Banana Gun has announced a full refund plan for victims of a $3 million hack. The Banana Gun team stated that 11 users were affected by the security breach and will be reimbursed from the Banana Gun Treasury. The team also announced that the EVM and Solana bots were back online with no restrictions apart from a 2-hour transfer delay.

The Banana Gun team announced a full refund to 11 victims of a hack that drained $3 million in digital assets. The team announced that no tokens will be sold in the reimbursement process, and the refunds will be drawn from the Banana Gun Treasury.

The exploit targeted smart money traders and crypto veterans

BOT INCIDENT RECAP

First of all, we’re humbled by the incredible bot activity on Banana Gun, even after last week’s incident. Thank you all for your patience and trust. We take this as a testament that we're handling the situation properly. As previously mentioned, our EVM and…

— Banana Gun 🍌🔫 (@BananaGunBot) September 24, 2024

The announcement also gave a detailed description of the attack. According to Banana Gun, the security breach targeted smart money traders and crypto veterans known for their social media presence or trading experience. Banana Gun stated that the attacker manually drained the victims’ wallets as they were interacting with the bot.

The malicious hackers compromised the Solana and Ethereum Virtual Machine (EVM) bots before the team shut them down. The Banana team announced that the EVM and Solana bots are back online without any restrictions, apart from 2-hour transaction delays.

According to the team, the hackers exploited a vulnerability in the Telegram message oracle that allowed them to execute the manual crypto transfers. The team assured users that the vulnerability was patched and that more security measures had been taken to prevent a similar occurrence. 

The team stated they had implemented a 2-hour transfer delay on EVM and Solana bots. Additionally, they are working to add two-factor authentication for all transfers and conduct a comprehensive front-end and back-end analysis of all systems. 

Banana Gun switches to new servers to prevent further exploits

The telegram bot team announced they had switched to new servers and redeployed the back-end as a precautionary step to prevent further exploits. Banana Gun also teamed up with third parties, including leading Web3 security firm Security Alliance. The team also promised to conduct more audits for Telegram bots and web apps in the future.

The Banana Gun exploit happened on September 19th, when some users reported experiencing unauthorized transactions from their wallets. 

“Some users of Banana Gun experienced unauthorized transfers from their wallets. Promptly after the first incident, we immediately switched off the bot and began diligently checking our back-end.”

–Banana Gun

The incident happened just two months after WazirX, one of the largest Indian crypto exchanges, suffered a Multisig wallet hack that drained $235 million. The funds were drained into various crypto assets, including Tether USDT, Pepe PEPE, and Gala (GALA) before the hacker converted the assets into Ether.

In early September, the United States Federal Bureau of Investigation (FBI) warned employees of digital asset corporations that North Korean hackers may be targeting them to steal digital assets.