Telegram Bot Banana Gun Suffers Major Loss from Hack
$3 Million Loss Due to Vulnerability
Banana Gun, a Telegram-based cryptocurrency trading bot, has confirmed a $3 million loss due to a vulnerability in its system. This incident has significantly impacted seasoned crypto traders who rely on such bots for their trading activities.
Unauthorized Transfers and Immediate Response
On September 19, users of Banana Gun began noticing unauthorized transfers from their crypto wallets. In response, Banana Gun quickly deactivated its Ethereum Virtual Machine (EVM) and Solana bots to prevent further breaches. Initial reports indicated that 36 users lost around $2 million in Ether (ETH). However, a detailed post-mortem revealed that the actual loss was $3 million, affecting fewer users than initially thought.
Identifying the Vulnerability
Exploitation Through Telegram Message Oracle
The attackers exploited a vulnerability within a Telegram message oracle. Unlike typical hackers who target less experienced investors, this attack was aimed at experienced traders. The hacker managed to manually transfer ETH from users’ wallets while the bots were in operation. This led Banana Gun to suspect that the vulnerability lay in the Telegram message system that the bots relied on.
Measures Taken Post-Attack
Security Enhancements and Refunds
After identifying and patching the vulnerability, Banana Gun reactivated its EVM and Solana bots with enhanced security measures. These measures include:
- A two-hour transfer delay
- Two-factor authentication for transactions
- A comprehensive system review
The company has assured users that everyone affected will be fully refunded from its treasury, without selling any tokens to cover the reimbursements.
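To show how the transfer delay and two-factor check listed above work together, here is an added sketch; it is not Banana Gun's code, and the article does not describe how the company implemented either control. The `TransferGate` class, its method names and the use of TOTP as the second factor are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

DELAY_SECONDS = 2 * 60 * 60  # the two-hour transfer delay named in the list above

def totp(secret, now, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1), standing in for the second factor."""
    counter = struct.pack(">Q", int(now // step))
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class TransferGate:
    """Hypothetical gate: a chat command only queues a transfer, it never sends one."""
    def __init__(self, totp_secrets):
        self.totp_secrets = totp_secrets  # user_id -> secret, never sent over the chat channel
        self.pending = {}                 # transfer_id -> queued transfer record
        self.next_id = 1

    def request(self, user_id, to_addr, amount, now):
        tid, self.next_id = self.next_id, self.next_id + 1
        self.pending[tid] = {"user": user_id, "to": to_addr, "amount": amount,
                             "requested": now, "confirmed": False}
        return tid

    def confirm(self, tid, code, now):
        rec = self.pending.get(tid)
        if rec is not None and hmac.compare_digest(totp(self.totp_secrets[rec["user"]], now), str(code)):
            rec["confirmed"] = True
        return bool(rec and rec["confirmed"])

    def cancel(self, tid, user_id):
        """The owner uses the delay window to drop a transfer they did not request."""
        if self.pending.get(tid, {}).get("user") != user_id:
            return False
        del self.pending[tid]
        return True

    def release(self, tid, now):
        """Funds move only when BOTH controls are satisfied."""
        rec = self.pending.get(tid)
        if rec is None or not rec["confirmed"]:
            return "blocked"   # unknown transfer, or no valid second factor
        if now - rec["requested"] < DELAY_SECONDS:
            return "held"      # confirmed, but still inside the delay window
        del self.pending[tid]
        return "released"
```

A transfer request that arrives through the message channel without the second factor stays blocked however long it waits, and a confirmed one still gives the wallet owner two hours to notice and cancel it.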
Negotiations with Hackers
The Shezmu Protocol Incident
In a related incident, the Shezmu protocol experienced a $5 million hack. However, after negotiations, the hacker agreed to return most of the stolen funds in exchange for a white hat bounty. The hacker initially returned 282.18 ETH and followed up with another 137 Wrapped Ether (WETH).
Conclusion
The recent hacks targeting Banana Gun and Shezmu highlight the ongoing challenges in securing cryptocurrency trading bots and protocols. While the immediate response and subsequent security measures are commendable, these incidents underscore the need for continuous vigilance and robust security protocols to protect users in the evolving crypto landscape.
