The breach on Banana Gun reported on September 19 forced the company to suspend its Ethereum Virtual Machine (EVM) and Solana bots.
In response to a recent breach that was carried out by eleven individuals, the cryptocurrency trading bot known as Banana Gun, which is based on Telegram has announced that it will reimburse consumers who lost a total of three million dollars.
Banana Gun Looses $3 Million
Members of the banana gun community claimed on September 19 that unlawful outbound transfers had occurred in their cryptocurrency wallets. The revelation compelled Banana Gun to temporarily disable its Ethereum Virtual Machine (EVM) and Solana bots to prevent any future losses.
Crypto trading bots, which cryptocurrency traders frequently use to maximize their profits, make automatic trades possible. The initial investigations claimed that the attack hit 36 people and cost them roughly $2 million in Ether.
However, Banana Gun’s post-mortem report revealed a higher loss with fewer casualties.The incident affected eleven users, resulting in a loss of three million dollars.
Vulnerability within Telegram message oracle
The bot company has stated that it will not sell tokens for reimbursements, and all affected users will receive full refunds from the Banana Gun treasury. The attacker targeted experienced cryptocurrency traders and was able to manually transfer ETH from their wallets.
This is in contrast to the typical practice of hackers who prey on naïve investors. Given that the hacker exploited a vulnerability in a Telegram message oracle, The bot concluded that the hacker was accountable for both the manual illicit transfers and the in-bot alerts triggered by these transactions.
Following the implementation of the patch for the vulnerability, The telegram bot restarted operations for EVM and Solana bots and put in place security measures to prevent further fund leaks.
Negotiating with hacker
Banana Gun has implemented measures such as a two-hour transfer delay, two-factor authentication, and a thorough system examination. Shezmu, the hacker who stole $5 million from the yield protocol, repaid the majority of the money after accepting a white hat bounty on September 21.
When Shezmu discovered a compromise in one of its ShezmuUSD (ShezUSD) stablecoin vaults, the hacker requested the return of ninety percent of the stolen funds via an onchain message within twenty-four hours.
Shezmu began receiving the stolen Dai tokens into its wallet within a matter of hours. Following the initial return of 282.18 Ether to the protocol, the hacker then proceeded to provide a second refund of 137 Wrapped Ether (WETH).
