Banana Gun, a popular trading bot platform, has released a statement detailing the recent exploit that resulted in the loss of $3 million. The developers have identified a vulnerability in the Telegram message oracle as the root cause of the attack.
A total of 11 users were affected by the exploit, and Banana Gun has committed to fully refunding the lost funds from its treasury. No tokens will be sold to cover the reimbursements.
The attack targeted experienced traders who were known in the cryptocurrency community. The attackers manually transferred Ethereum (ETH) from the victims’ wallets while the victims were interacting with the bot. Both the EVM and Solana bots were affected, despite having separate codebases.
To prevent future attacks, Banana Gun has implemented several security measures. These include a 2-hour transfer delay, the addition of two-factor authentication (2FA) for transfers, a thorough review of both back-end and front-end systems, and collaboration with a leading security team.
Banana Gun has also redeployed its back-end systems and switched to new servers to enhance security. Additional pentesting and audits are planned for the webapp and Telegram bots.