Banana Gun promises to refund $3 million stolen from impacted users

Reported by The Block: Banana Gun confirmed it will refund 11 users impacted by a $3 million exploit of the Telegram bot last week.
The team said it had identified a potential vulnerability in the Telegram message oracle Banana Gun uses, which may have led to the exploit.

Banana Gun promised to refund 11 users affected by a $3 million exploit of wallets last week.

“All impacted users will be fully refunded from the Banana Gun treasury, with no tokens being sold for reimbursements,” the team posted on X late Tuesday.

Banana Gun operates one of the industry’s leading Telegram-based trading bots. It enables users to execute on-chain transactions and snipe upcoming token launches and has generated over $6.3 billion worth of trading volume from nearly 279,000 users.

Community members first highlighted the attack last Thursday, with Banana Gun confirming that some users had witnessed "unauthorized transfers" from their wallets. The incident prompted the team to switch off the Ethereum Virtual Machine and Solana bot, though it claimed its back-end systems were not compromised.

"Only a very small number of users (fewer than 10) were affected. Additionally, the transfers appear to have been executed manually. This leads us to believe the issue may stem from a front-end vulnerability," the project said at the time.

That number turned out to be 11 users, with the attack targeting “smart money” traders and crypto veterans who are “not easy to scam,” Banana Gun said on Tuesday, adding that the targets were known in the space due to their social presence or trading expertise.

“After a thorough investigation by the Banana Gun development team and outside experts, we identified a potential vulnerability in the Telegram message oracle we use, which may have led to the exploit,” the team stated.

The bots returned online after the issue was patched last Friday, and no attacks have occurred since the shutdown. Mitigations include a two-hour transfer delay, adding two-factor authentication for transfers and audits of the back-end and front-end systems.

Source