Telegram-based mini-app Banana Gun experienced a security breach last week, affecting 11 users who collectively lost about $3 million in ETH. The exploiter transferred the stolen crypto assets to an unknown wallet address.
In its latest tweet, The Banana Gun team promised to repay the stolen funds to affected users as soon as possible, adding that no tokens will be sold to finance the reimbursement.
Banana Gun to Reimburse Hack Victims
The Banana Gun team highlighted that the recent security breach affected a few users. The crew added that $3 million will be dedicated to reimbursing these affected users.
Via an X post, the team revealed that the hacker targeted only smart money traders and veteran crypto traders known for their trading expertise and social media presence.
The attacker processed the transactions manually, transferring chunks of ETH from the individual wallets one by one. At the same time, the users interacted with the bot and received notifications on their devices after each successful transaction by the hacker. Immediately after the team shut down the bot, the bad actor could not process any more transactions.
Following the full refund announcement, investors have shown rekindled confidence in Banana Gun’s token, $BANANA. Within the past 24 hours, it has gained about 7% as it strives to regain its price before the exploit. Currently, $BANANA’s market capitalization is about $135 million.
Banana Gun Fixes Security Issues
The Banana Gun team revealed that the attack affected the company’s Ethereum Virtual mechanic (EVM) and Solana bots, even though they have different codebases and function independently.
Additionally, proper examination showed a potential vulnerability in the Telegram Oracle that the project implemented, which may have led to the attack.
Noting the errors that led to the exploit, the team has partnered with the AMLBot crypto recovery team, Seal team, and Binance Security team to fix the issues and ensure the safety of users’ funds.
Moreover, the team has implemented additional security features, including a two-hour transfer delay and two-factor authentication (2FA) for transfers. It also thoroughly reviewed the project’s entire code, redeployed the backend, and switched to a new server.
Leave a Reply