Banana Gun to Refund $3 Million Following Exploit of Telegram Bot
Banana Gun has announced that it will refund $3 million to 11 users affected by a recent exploit involving its Telegram trading bot.
The incident, which occurred last week, led to unauthorized transfers from user wallets, raising concerns about the security of the platform.
The trading bot, which facilitates on-chain transactions and allows users to capitalize on upcoming token launches, has processed over $6.3 billion in trading volume across nearly 279,000 users.
Following the exploit, Banana Gun temporarily disabled its Ethereum Virtual Machine and Solana bots while investigating the incident. The team stated that its back-end systems remained uncompromised.
An internal investigation, along with external assessments, revealed a potential vulnerability in the Telegram message oracle utilized by Banana Gun. This flaw is believed to have been exploited, allowing attackers to target experienced traders known for their presence in the crypto community.
In a statement posted on X, the Banana Gun team assured users that "all impacted users will be fully refunded from the Banana Gun treasury, with no tokens being sold for reimbursements."
The company emphasized that the affected group included a small number of users—specifically, fewer than 10—who were considered “smart money” traders.
To enhance security following the incident, Banana Gun has implemented several mitigations, including a two-hour transfer delay and the addition of two-factor authentication for transactions. Audits of both the front-end and back-end systems are also underway.
The bots were reinstated after the vulnerability was patched last Friday, and no further attacks have been reported since the initial shutdown.