Telegram-based cryptocurrency trading bot Banana Gun announced it will refund users who collectively lost $3 million in a recent hack involving 11 attackers.
On Sept. 19, some Banana Gun users noticed unauthorized transfers from their crypto wallets, prompting the platform to temporarily shut down its Ethereum Virtual Machine (EVM) and Solana bots to prevent further losses. These trading bots, commonly used to automate crypto trades, were compromised, leading to significant losses.
It was initially reported that 36 users lost nearly $2 million worth of Ether (ETH). However, Banana Gun’s post-mortem report later revealed that the total loss was higher, amounting to $3 million, but with only 11 users affected.
“All impacted users will be fully refunded from the Banana Gun treasury, with no tokens being sold for reimbursements,” the company stated.
Banana Gun runs a popular Telegram-based trading bot that lets users make on-chain transactions and snipe new token launches. So far, it has handled over $6.3 billion in trading volume from nearly 279,000 users.
Vulnerability in Telegram message oracle
The attackers targeted experienced crypto traders, manually transferring ETH from their wallets while the bots were operational. Banana Gun suspects the exploit stemmed from a vulnerability in its Telegram message oracle, which allowed hackers to execute the transfers.
After addressing the flaw, Banana Gun restarted its EVM and Solana bots, implementing new security measures. These include a two-hour delay for transfers, two-factor authentication, and a thorough system review to prevent further incidents.
In a separate case, the hacker who stole $5 million from the Shezmu yield protocol agreed to return most of the stolen funds after negotiating a white hat bounty on Sept. 21.
Shezmu’s ShezUSD stablecoin vault had been exploited, and the hacker requested that 90% of the funds be returned within 24 hours. Shezmu confirmed receiving the stolen Dai (DAI) tokens shortly after, with the hacker initially returning 282.18 Ether (ETH), followed by an additional refund of 137 Wrapped Ether (WETH).