Highlights:
- Banana Gun compensates users after a $3M hack targeting experienced crypto traders.
- Hack exploited a vulnerability in the Telegram message oracle of Banana Gun bots.
- Banana Gun enhances security; BANANA token surges 7% as investor confidence returns.
Banana Gun, a Telegram-based trading bot, experienced a significant security breach last week, resulting in nearly $3 million in losses for 11 of its users. The team behind Banana Gun has announced that all affected users will be compensated from the project’s treasury, assuring the community of their commitment to user security and trust.
BOT INCIDENT RECAP
First of all, we’re humbled by the incredible bot activity on Banana Gun, even after last week’s incident. Thank you all for your patience and trust. We take this as a testament that we're handling the situation properly. As previously mentioned, our EVM and…
— Banana Gun 🍌🔫 (@BananaGunBot) September 24, 2024
Hack Targets Crypto Veterans, Leading to Significant Losses
The attack targeted experienced crypto traders and individuals with substantial social media presence. These users, known for their expertise in navigating the crypto space, were victimized as the attacker manually transferred Ethereum from their wallets. The transfers occurred while interacting with the bot and receiving notifications, highlighting the sophisticated nature of the exploit.
Both the Ethereum Virtual Machine (EVM) and Solana bots experienced the attack despite operating independently with separate codebases. The attack ceased once the bots were shut down, indicating a targeted and manual approach rather than an automated script. Victims reported witnessing the unauthorized transfers in real time, adding urgency to the situation.
After a thorough investigation involving outside experts, the Banana Gun development team identified a potential vulnerability in the Telegram message oracle used by the bots. This weakness may have allowed the attacker to execute the exploit. The nature of the attack (manual transfers and in-bot notifications) supports this conclusion.
Banana Gun Enhances Security, Reactivates Bots After Hack
In response to the breach, Banana Gun fixed the security vulnerability and enhanced its protective measures. They reactivated the bots and introduced a two-hour transfer delay to prevent immediate unauthorized withdrawals. They also plan to implement additional security features like two-factor transfer authentication.
The team conducted a comprehensive review of both back-end and front-end systems. This included code audits and vulnerability assessments to uncover any other potential weaknesses. They redeployed the back-end infrastructure and transitioned to new servers with enhanced security configurations to strengthen overall defenses.
To ensure the robustness of these measures, Banana Gun collaborated with the Security Alliance. Plans for penetration testing and additional audits of the web application and Telegram bots are underway. These steps demonstrate the project’s dedication to preventing future incidents and safeguarding user assets.
BANANA Token Surges 7% as Investor Confidence Returns
The announcement of full refunds has helped restore investor confidence in Banana Gun. Over the past 24 hours, the BANANA token has surged by over 7%, recovering much of the value lost following the hack. The token’s market capitalization now exceeds $130 million, reflecting renewed optimism among investors.
The team thanked its partners, notably the Seal team, the AML bot, and the Binance Security team, for supporting it during this challenging period. Their assistance was instrumental in addressing the vulnerabilities and enhancing the security infrastructure.
Banana Gun’s recent security breach highlights the ongoing challenges in securing decentralized finance platforms and underscores that even experienced traders are not immune to attacks. Their swift action to fully compensate affected users demonstrates a solid commitment to their community and may set a positive example for other platforms.