Banana Gun Releases "Stolen" Update: 11 Users Lost $3 million, Will Be Paid in Full
On September 25th, the Telegram bot project Banana Gun released an update on the "stolen" funds incident, saying that its EVM and Solana bots are back online, with no restrictions other than a 2-hour transfer delay. A total of 11 users were affected, and the losses amounted to 3 million US dollars. All affected users will be paid in full from the Banana Gun treasury, and the compensation will not be funded by selling tokens. After a comprehensive investigation, the Banana Gun development team and external experts discovered a potential vulnerability in the Telegram message oracle used by Banana Gun, which may have led to this attack.
After fixing this issue, Banana Gun implemented enhanced security measures and reactivated the bot. This root cause analysis is supported by the following two points:
The nature of the attack (manual transfer).
The victim was notified of the transfer within the bot.