Banana Gun Developers Reveal Details of Telegram Bot Breach

On September 19, members of the crypto community reported a suspected hack of the Banana Gun trading Telegram bot and the theft of funds. The service’s developers confirmed “unauthorized transfers” from the wallets of a limited number of users.

UPDATE ON BOT SITUATION

Today, some users of Banana Gun experienced unauthorized transfers from their wallets. Promptly after the first incident, we immediately switched off the bot and began diligently checking our back-end.

We have confirmed that our back-end is not…

— Banana Gun ?? (@BananaGunBot) September 19, 2024

According to them, after the first incident, the team disabled the bot and began a thorough check of the back-end.

“We have confirmed that our back-end is not compromised. Both the router and the database have been thoroughly checked, and only a very small number of users (fewer than 10) were affected,” Banana Gun reported.

Since the transfers were executed manually, this presumably indicates a vulnerability in the front-end.

“We will keep our bot offline while we investigate the root cause,” the team added.

The developers did not specify the amount of damage. Previously, users on X suggested it could be around $1.9 million.

According to Dune Analytics, Banana Gun is one of the leading Telegram-based trading bots in the industry, with a trading volume exceeding $6 billion from nearly 272,000 users.

Following the initial reports of the suspected hack, the BANANA token reacted with a drop of more than 10%.

At the time of writing, its price had recovered by 5.7%. According to CoinGecko, the coin is trading at $40.64.

In November 2023, Banana Gun’s trading volume exceeded $16 million.

Experts had previously warned about the risks of Telegram bots.

In April 2024, the trading service BONKbot on the Solana network was reportedly subjected to a hacker attack, resulting in users losing about $208,000.