A recent hack targeting the Banana Gun trading bot resulted in the loss of nearly $2 million in user cryptocurrency, affecting at least 36 victims.
On September 19, anonymous blockchain analyst Yannick Crypto reported that the Banana Gun trading bot, popular on the Telegram platform, was hacked. According to blockchain security firm Cyvers, at least 36 victims were affected with a total loss of up to $1.9 million, mostly in Ether.
Banana Gun is a trading bot that allows users to make transactions on various blockchain networks such as Ethereum, Solana, and Base. However, its popularity has inadvertently become a vulnerability that has been exploited.
According to Hakan Unal, head of Cyversâ security operations center, about 11 attackers were involved in the incident. âOur systems detected about 11 attackers and about $1.9 million was stolen. Hundreds of users were affected,â he said.
While the number of victims is relatively small compared to the more than 10,000 active accounts on the bot, the incident shows the sophistication of cyberattacks today. âOur systems detected about 11 attackers and about $1.9 million was stolen. Hundreds of users were affected,â Unal added. Cyvers also shared details of the attackers' addresses with Cointelegraph in an effort to increase transparency following the incident.
Notably, the hack does not appear to have originated from a vulnerability in Banana Gunâs smart contract. According to Unal, Cyversâ investigation found no evidence of a contract exploit.
Instead, small amounts of cryptocurrency were stolen from individual accounts, suggesting a targeted attack. âFrom our investigation so far, it does not appear to be a contract exploit. It could just be small amounts taken from their users,â Unal explained.
According to Yannick Crypto, the relatively small number of victims compared to Banana Gun's large user base also supports this theory. Out of the more than 10,000 active accounts on the bot, less than 40 users were affected. With Banana Gun's estimated assets under management (AUM) at $100 million, the damage, while large, did not penetrate the bot's system.
The incident comes amid heightened concerns about cybersecurity in the cryptocurrency space. Angel Drainer, a notorious crypto-attack toolkit, has recently resurfaced in an upgraded version, raising concerns about risks for digital asset investors.
The hack comes just two months after another major hack targeting WazirX, an Indian cryptocurrency exchange, in which over $230 million was stolen, making it the second-largest cryptocurrency hack of 2024. Additionally, the Banana Gun hack comes just weeks after Angel Drainer, a notorious crypto-attack tool, resurfaced with an upgraded version.
While there is no evidence directly connecting Angel Drainer to the Banana Gun hack, the return of these tools is a wake-up call to developers and users about the importance of being vigilant and adopting stronger security measures.
