Banana Gun Telegram Bot to Compensate $3 Million to Hack Victims

The team behind the trading Telegram bot Banana Gun has confirmed its intention to compensate 11 affected users with $3 million, stolen during a hack on September 19.

BOT INCIDENT RECAP

First of all, we’re humbled by the incredible bot activity on Banana Gun, even after last week’s incident. Thank you all for your patience and trust. We take this as a testament that we’re handling the situation properly. As previously mentioned, our EVM and…

— Banana Gun ?? (@BananaGunBot) September 24, 2024

According to the developers, the compensation will be made from the project’s treasury and will not require additional token sales.

An investigation involving external experts identified a potential vulnerability in the Telegram message oracle used by Banana Gun.

“The root cause analysis is confirmed, firstly, by the nature of the attack (manual transfers, not a script) and the fact that victims received notifications of transfers in the bot,” the developers reported.

The attack targeted Smart Money traders and seasoned crypto market veterans, known in the community for their experience and media presence.

The incident affected both EVM and Solana bots, which have separate code bases and operate independently.

Currently, the Banana Gun team has resolved the issue and reactivated the bots. For security reasons, transfers are now executed with a two-hour delay.

The developers plan to implement two-factor authentication for data transmission and conduct an audit of web applications and Telegram bots.

Despite the incident, activity on Banana Gun has resumed. According to Dune Analytics, at the time of writing, the cumulative trading volume exceeded $6.3 billion from more than 278,000 users.

Back in September, the bot’s developers confirmed “unauthorized transfers” from the wallets of a limited number of users. Initially, external experts estimated the damage at $1.9 million.