Users of the Telegram-based cryptocurrency trading bot Banana Gun were affected by a security breach yesterday, resulting in the theft of nearly $1.9 million in digital assets.
Reports from community members and blockchain investigators indicate that at least 11 attackers exploited vulnerabilities to drain funds from users’ wallets.
The Banana Gun team immediately responded by taking the bot offline and stated, “We are investigating the issue, bot is currently offline.” They later confirmed on X on Thursday that unauthorized transfers had been made from user wallets, though they emphasized that their back-end systems were not compromised. “Only a very small number of users (fewer than 10) were affected,” the team added in an update. They suggested that the issue might be related to a front-end vulnerability, as the transfers appeared to be executed manually.
UPDATE ON BOT SITUATION
— Banana Gun 🍌🔫 (@BananaGunBot) September 19, 2024
Today, some users of Banana Gun experienced unauthorized transfers from their wallets. Promptly after the first incident, we immediately switched off the bot and began diligently checking our back-end.
We have confirmed that our back-end is not…
Details of the Banana Gun Stolen Funds
Community member yannickcrypto.eth posted on X, “Seems like there are already 36 victims with almost 563 ETH ($1.4 million) stolen ‘so far’ on mainnet.” According to blockchain security firm Cyvers, the total amount stolen across the Ethereum, Solana, and Base blockchains amounts to nearly $1.9 million.
Investigators have reported that the number of victims is relatively low compared to Banana Gun’s user base of over 272,000 users, who have collectively traded $6 billion through the platform. “Per our investigation so far, it doesn’t seem like a contract exploit. It might be small amounts that are being drained from their users,” said Cyvers senior scientist Hakan Unal.
The Banana Gun team has requested further information from users to help identify the incident’s root cause. While the investigation continues, the bot remains offline.
Banana Gun runs a trading bot on Telegram that allows users to conduct on-chain transactions and target new token releases. According to its Dune Analytics dashboard, the platform is among the top Telegram-based trading bots in the sector, facilitating trading volumes of $6 billion with the participation of almost 272,000 users.
The incident follows previous issues for Banana Gun, including the botched launch of its revenue-sharing Banana token last year due to a contract bug.
As of now, the Banana Gun team is continuing to investigate the breach and work toward resolving the issue for affected users.
Two months before this incident, WazirX, an Indian cryptocurrency exchange, suffered a loss of more than $230 million due to a cyberattack, marking it as the second most significant cryptocurrency theft in 2024 to date.
Read More
- Blockchain Tracks North Korean Hackers’ Movement of Funds Following WazirX Incident
- North Korean Crypto Heist Spree: ETFs Now in the Crosshairs
- WazirX vs Liminal Custody: The $230M Crypto Blame Game
Lawrence does not hold any crypto asset. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.