- Banana Gun suffered a $3 million hack targeting experienced crypto traders through a Telegram message oracle vulnerability.
- Banana Gun will fully refund all 11 affected users, implementing enhanced security measures to prevent future attacks.
Banana Gun, a Telegram-based crypto trading bot, has confirmed a $3 million loss as a result of a recent attack that exploited a vulnerability in its system, affecting 11 skilled crypto traders.
The incident occurred on September 19, when users began reporting fraudulent Ethereum (ETH) transfers from their wallets while dealing with Banana Gun’s bots. In response, Banana Gun quickly disabled its Ethereum Virtual Machine (EVM) and Solana bots to prevent further illegal transactions.
BOT INCIDENT RECAP
First of all, we’re humbled by the incredible bot activity on Banana Gun, even after last week’s incident. Thank you all for your patience and trust. We take this as a testament that we're handling the situation properly. As previously mentioned, our EVM and…
— Banana Gun (@BananaGunBot) September 24, 2024
Targeted Attack Exploits Vulnerability, Prompting Banana Gun's Swift Response
What makes this attack unique is that it did not target naive investors, but rather seasoned crypto traders, implying that the attackers chose their targets meticulously.
The exploited vulnerability was discovered within a Telegram message oracle, allowing the hackers to manually initiate ETH transfers from users' wallets while the trading bots were active. This targeted and sophisticated operation took a total of $3 million from the affected consumers’ wallets.
Following the attack, Banana Gun took quick action to strengthen security and protect its user base. The company has vowed to fully repay all affected users from its treasury, indicating its dedication to restoring trust and confidence among its customers.
Importantly, Banana Gun has said that no tokens will be sold to fund these repayments, guaranteeing that the compensation procedure has no impact on the value of BANANA, the platform’s native currency.
The announcement of the refunds sparked a strong response from the community, resulting in a 7% increase in the value of the BANANA token. This indicates the market’s acceptance of Banana Gun’s swift and decisive response to the situation, as well as its efforts to protect consumers’ assets.
Banana Gun has also implemented a number of enhanced security measures to prevent such incidents from occurring in the future. These efforts include establishing a two-hour transaction delay and requiring two-factor authentication (2FA) for all transfers, which adds an extra layer of security for users.
The team also performed a thorough analysis of both the backend and frontend systems, redeploying the bot’s infrastructure on new servers to address any remaining vulnerabilities. These measures are intended to bolster the platform’s defenses and ensure that such attacks do not occur again.
Furthermore, Banana Gun’s proactive efforts, such as scheduled penetration testing and further audits, demonstrate the company’s commitment to providing a secure trading environment for its customers.
The hacking attack at Banana Gun is part of a larger pattern of security breaches in the crypto market this month. In a similar vein, as we previously highlighted, other crypto exchanges, such as Singapore’s BingX and Indonesia’s Indodax, have suffered major losses as a result of hacking attacks.