Banana Gun, a cryptocurrency trading bot on Telegram, has announced that it will refund users the $3 million lost during a recent hack involving 11 attackers.
BOT INCIDENT RECAP
First of all, we’re humbled by the incredible bot activity on Banana Gun, even after last week’s incident. Thank you all for your patience and trust. We take this as a testament that we’re handling the situation properly. As previously mentioned, our EVM and…
— Banana Gun 🍌🔫 (@BananaGunBot) September 24, 2024
Certain users of Banana Gun had reported unauthorized outgoing transfers from their cryptocurrency wallets on September 19, 2024. As a result, the platform had to temporarily disable its Ethereum Virtual Machine (EVM) and Solana bots to prevent additional losses.
The initial findings indicated that 36 users were impacted by the breach and lost around $2 million worth of Ether (ETH). However, a subsequent Banana Gun report revealed that the number of affected users was 11, with a total loss of $3 million. Banana Gun has pledged to fully refund all affected users from its treasury without resorting to selling tokens for refunds.
The project’s team has verified that a vulnerability in its trading bot affected experienced crypto traders. Unauthorized manual transfers and notifications within the bot raised concerns that a hacker took advantage of a vulnerability in a Telegram message oracle.
Unlike typical hackers, who target inexperienced investors, the attacker focused on experienced cryptocurrency traders and was able to manually transfer ETH from their wallets while they were using trading bots.
After addressing the security vulnerability, Banana Gun rebooted the EVM and Solana bots and implemented additional security protocols to prevent future fund depletion. These measures consist of a two-hour transfer hold, two-factor authentication for transfers, and a comprehensive system review, among other steps.
In a similar development on May 10, 2024, a scammer behind a poisoning scam that resulted in the loss of $71 million worth of Wrapped Bitcoin (WBTC) initiated contact with the victim through Telegram. The scammer offered to return 50% of the stolen funds. PeckShield, an on-chain security firm, disclosed that the scammer had taken a surprising step by sending 51 ETH to the victim, accompanied by a message soliciting communication via Telegram.