Banana Gun Trading Bot Temporarily Shuts Down Following $3 Million Security Breach
Banana Gun Trading Bot Compromised – The Telegram-based cryptocurrency trading bot Banana Gun has announced it will refund users who collectively lost $3 million in a recent hack carried out by 11 attackers. The incident has raised significant concerns regarding the security measures of trading bots and their vulnerabilities.
Unauthorized Transfers and Initial Response
On September 19, certain users of Banana Gun reported unauthorized outbound transfers from their crypto wallets. This alarming discovery forced Banana Gun to temporarily disable its Ethereum Virtual Machine (EVM) and Solana bots to prevent further losses. These trading bots are designed to facilitate automated trades, helping crypto traders optimize their profitability.
Investigation Findings
While initial investigations indicated that 36 users were affected, with losses nearing $2 million in Ether (ETH), a subsequent post-mortem report revealed a different picture. According to Banana Gun, “A total of 11 users were affected, with $3 million drained. All impacted users will be fully refunded from the Banana Gun treasury, with no tokens being sold for reimbursements.” This commitment highlights the platform’s responsibility towards its users.
Targeting of Seasoned Traders
Unlike typical hackers who often target novice investors, the attackers behind Banana Gun’s breach specifically focused on seasoned crypto traders. They managed to manually transfer ETH from the users’ wallets while the trading bots were operational. The unauthorized transfers and notifications within the bots led Banana Gun to suspect that the hacker exploited a vulnerability within a Telegram message oracle.
Security Measures Implemented
Following the incident, Banana Gun took swift action to patch the vulnerability and resumed operations for its EVM and Solana bots. Enhanced security measures have been put in place to prevent further fund drains, including a two-hour transfer delay, two-factor authentication for all transfers, and a comprehensive review of their systems.
Negotiations with the Hacker
In a related development, on September 21, a hacker who had stolen $5 million from the leveraging yield protocol Shezmu returned most of the stolen funds after accepting a white hat bounty. Shezmu discovered that one of its ShezmuUSD (ShezUSD) stablecoin vaults had been compromised. The hacker demanded that 90% of the stolen funds be returned within 24 hours through an on-chain message.
Recovery of Stolen Funds
Within hours, Shezmu began receiving the stolen Dai (DAI) tokens back in its wallet. The hacker initially returned 282.18 Ether (ETH) to the protocol and followed it with another refund of 137 Wrapped Ether (WETH). This incident reflects the ongoing complexities within the cryptocurrency ecosystem regarding security, user trust, and hacker negotiations.
FAQs about the Banana Gun Hack
What happened with the Banana Gun trading bot?
On September 19, 2023, the Banana Gun trading bot experienced a security breach where hackers executed unauthorized outbound transfers, resulting in a loss of approximately $3 million from users’ crypto wallets.
How many users were affected by the hack?
Initially, it was reported that 36 users were affected, but a post-mortem report revealed that only 11 users experienced the unauthorized transfers, leading to a total loss of $3 million.
How can users protect themselves from similar hacks in the future?
Users can enhance their security by enabling two-factor authentication, regularly updating their passwords, being cautious with sharing information, and monitoring their accounts for unusual activity.