Banana Gun users lost $3 million as the trading bot platform plans on repaying the entire amount to its users.
Banana Gun, a Telegram trading bot assisting astute traders in placing automated trades efficiently, underwent a $3 million hack. The bot’s team has promised to fully refund affected users.
Banana Gun was targeted by an attacker on September 19. It became evident as users reported outbound transactions from their crypto wallet, which they had not initiated. Banana Gun’s team immediately froze all functional bots across the Ethereum Virtual Machine (EVM) and Solana to avoid further exploits.
As the hack occurred, it looked like $2 million of ETH was stolen from 36 users. However, Banana Gun’s post-mortem report revealed a higher amount was drained from user wallets, amounting to $3 million. It also showed the number of affected users was lower than initially thought at 11.
Hack Bigger Than Previously Thought
“A total of 11 users were affected, with $3M drained,” Banana Gun posted on X. All impacted users will be fully refunded from the Banana Gun treasury, with no tokens being sold for reimbursements.” The post also mentioned EVM- and Solana-based trading bots were live again, with a two-hour transfer delay.
As hackers often turn to crypto newcomers to exploit them due to the ease, the Banana Gun depicts quite the contrary. This hacker decided to take on a group of seasoned traders to make away with their money.
“All targets were “known” in the space, either due to their social presence or trading expertise,” according to the report. Thus, the hacker planned the attack to retrieve big amounts from targets that hold significant value. They exploited a Telegram message oracle to get the exploit to work.
With the hack out of the way, it “implemented enhanced security measures and have reactivated the bots” to prevent more such instances from occurring.