Banana Gun’s team claimed no vulnerability on their side. After an exploit against individual wallets, the bot was frozen for investigation.
Banana Gun bot has no vulnerabilities on its backend, the team announced after investigating the issue. The issue may be on the bot’s frontend, and some of the transfers may have a manual element. Only a small number of wallets were affected.
UPDATE ON BOT SITUATION
Today, some users of Banana Gun experienced unauthorized transfers from their wallets. Promptly after the first incident, we immediately switched off the bot and began diligently checking our back-end.
We have confirmed that our back-end is not…
— Banana Gun 🍌🔫 (@BananaGunBot) September 19, 2024
“We have confirmed that our back-end is not compromised. Both the router and database have been thoroughly inspected, and only a very small number of users (fewer than 10) were affected. Additionally, the transfers appear to have been executed manually,” announced the team on X.
The Banana Gun bot will remain offline until the exact reason for the exploits is found. Since the bot is used through Telegram, some seek the vulnerability with the chat app. Telegram has been known to distribute malicious channels and fake token deals. Using the bot still requires action on the side of the user, after activating on Telegram.
The exploit happened just as Banana Gun opened its registration for a web-based version and put out a teaser for an Appstore launch with no
Immediately after the news, the BANANA token crashed from $43 to $40.34. The token may remain under pressure while the bot is offline. Banana Gun is the most active bot, with lifetime accrued volume of $6.7B in sniping meme tokens and DEX assets.
All bot users with wallets linked to the bot are advised to stop all trading and sweep the assets into a new wallet. Banana Gun requires some liquidity to make the orders, and the funds are at a higher risk compared to being stored in other types of wallets.
536 ETH and SOL taken from Banana Gun deposits
The exact mechanism of transferring tokens through a bot-based order is still unknown. The last drained bot-connected accounts happened a few hours ago, with no new reports of losses while the bot was paused. There are hypotheses that the origin of transactions came from hacked Telegram accounts.
Up to 536 ETH were drained from the selected wallets, and the exploit has not affected the wider user base. Banana Gun has 5,072 users daily on average, though it is one of the biggest producers of DEX traffic and transactions. The bot carries more than 272K accounts, opening a wider vulnerability of funds uploaded for sniping.
The estimated value of losses is at $1.9M. The total losses also included Solana-based asses, expanding the hack to $2M. User yannickcrypto.eth found 36 compromised users, for a total of 536 ETH stolen, with some data on SOL also drained from bot accounts.
After the exploit, one of the recipient addresses only retained 26 ETH, while the other address contains 62 ETH. The second address received funds from two other power users, draining their wallets for 30 and 32 ETH. The hacks affected heavy DEX users and there are rumors more accounts have been drained.
One of the known addresses of the Banana Gun bot hacker drained two other whale wallets. | Source: Nansen
After the Banana Gun exploit, other social media traps emerged, claiming to have tools for coin recovery. Connecting wallets to those services may extend the damage.
Banana Gun stalled during NEIRO token craze
Just as Banana Gun was stopped, the bot’s volumes may also affect the NEIRO market craze. As of September 19, NEIRO had the biggest share of attempted snipes and trades.
More than 43% of the Banana Gun bot activity was pointed at the NEIRO/WETH trading pair and 17% for another version of NEIRO/WETH. Other meme tokens sniped before the exploit included CATE, CATALORIAN and KABOSU.
The bot supports up to 1,000 highly active pairs on Uniswap and Raydium.
The Banana Gun bot also needs sufficient balance for fees, as its most active networks are Ethereum and Solana. Some of the power traders have paid upward of $1M in fees. Solana bribes are the biggest drain on wallets, though this is necessary for guaranteed inclusion in the next block.
–
Cryptopolitan reporting by Hristina Vasileva.