According to BlockBeats, on September 25, the Telegram Bot project Banana Gun provided an update on a recent security breach, announcing that its EVM and Solana bots are back online. The only restriction is a two-hour transfer delay, with no other limitations in place.
A total of 11 users were affected by the breach, resulting in a loss of $3 million. Banana Gun has committed to fully compensating all affected users from its treasury without selling any tokens to cover the losses.
Following a comprehensive investigation by the Banana Gun development team and external experts, it was discovered that a potential vulnerability in the Telegram message oracle used by Banana Gun may have led to the attack. After addressing this issue, Banana Gun implemented enhanced security measures and reactivated the bots. The root cause analysis was supported by two key points: the nature of the attack (manual transfers) and the notifications received by victims within the bot.