Banana Gun has confirmed that it will refund 11 affected users in connection with last week’s $3 million Telegram bot breach, The Block reported. The team said they have identified a possible vulnerability in the Telegram message oracle used by Banana Gun that may have led to the attack.

Banana Gun has pledged to provide full refunds to 11 users affected by a $3 million wallet breach.

“All affected users will receive a full refund from the Banana Gun Treasury and no tokens will be sold for compensation,” the team said in an X post on Tuesday evening.

Banana Gun operates one of the industry’s leading Telegram-based trading bots. The bot enables users to perform on-chain trades and snap up upcoming tokens, and has generated over $6.3 billion in trading volume from nearly 279,000 users.

Community members first pointed out the attack last Thursday, with Banana Gun confirming that some users’ wallets had seen “unauthorized transfers.” The incident prompted the team to shut down its Ethereum Virtual Machine and Solana bots, though they claim their backend systems were not compromised.

"Only a small number of users (less than 10) were affected. Furthermore, the transfers appeared to have been performed manually. This leads us to believe that the issue may have been caused by a front-end vulnerability," the project said at the time.

The number of affected users was eventually confirmed to be 11, with the targets being "smart money" traders and cryptocurrency veterans who were "not easily gullible." Banana Gun said on Tuesday that these targets were well-known in the industry for their social influence or trading expertise.

“After a thorough investigation by the Banana Gun development team and external experts, we identified a potential vulnerability in the Telegram message oracle we were using, which may have enabled this attack,” the team said.

After the problem was fixed last Friday, the bot came back online, and no further attacks occurred after it was shut down. The response included implementing a two-hour transfer delay, adding two-factor authentication for transfers, and auditing back-end and front-end systems.