- Cause of the Incident
- Impact on Users
- Developers' Response
A recent attack on the Banana Gun platform resulted in a $3 million loss for 11 victims. The cause was a vulnerability in the Telegram message oracle.
Cause of the Incident
The attack was linked to a vulnerability in the Telegram message oracle, a feature used for bot notifications. The Banana Gun team has since patched the issue and implemented new security protocols.
Impact on Users
The attack primarily targeted experienced crypto traders with a strong social presence. Victims reported witnessing ETH being manually transferred from their wallets while interacting with Banana Gun’s bots, and receiving notifications confirming the transfers in real time. While both the EVM and Solana bots were compromised, the attacks ceased once the bots were disabled.
Developers' Response
Banana Gun's developers summarized the incident in a statement, thanking users for their continued support despite the breach. "We are humbled by the incredible bot activity on Banana Gun, even after last week's incident. Thank you for your patience and trust," they said. After extensive investigation involving both the Banana Gun team and external experts, the vulnerability was traced to the Telegram message oracle, allowing attackers to gain access and manually withdraw funds from wallets.
After identifying the vulnerability, Banana Gun developers successfully returned $3 million to the affected users and continue to work on improving the platform's security.
