Telegram-based trading bot Banana Gun was exploited last week. During the early Asian hours on Wednesday, the team announced that all victims will be made whole.
Details
- Banana Gun helps users to execute on-chain transactions and snipe upcoming token launches
- The exploit came to light when some users saw "unauthorized transfers" take place from their wallets
- 'Known' people from the industry were targeted by the attacker who manually sent ETH from their wallets while they were interacting with the bot
- The exploiter targeted a potential vulnerability in the Telegram message oracle used by the bot
- The team has identified and patched the issue
- The back end has been re-deployed and Banana Gun has switched to new servers
Why should you pay attention?
- Banana Gun has generated more than $6.3 billion worth of trading volume and boasts a user base of 279,000 people
- The attacker targeted only “smart money” traders and crypto stalwarts — with an impactful social presence and trading expertise — who were not easy to scam
- With the number of DeFi scams on the rise, it is essential to take note and stay alert
Who said what?
- The team assured users on X: “A total of 11 users were affected, with $3M drained. All impacted users will be fully refunded from the Banana Gun treasury, with no tokens being sold for reimbursements”
Zooming out
- No attacks have occurred since the bot was shut down
- Banana Gun’s EVM and Solana bots are back online with no restrictions, except for a 2-hour transfer delay
- The team has also implemented enhanced security measures
- Two-factor authentication for transfers, however, is yet to be rolled out
- The team is in the midst of pen-testing and conducting additional audits for web-apps and Telegram bots