On September 25, the Telegram Bot project Banana Gun released an update on the “theft” saying that 11 users were affected by the attack and they lost $3 Million, which will be fully compensated. Banana Gun also informed that its EVM and Solana robots are restored back online with only a 2-hour transfer delay.
The compensation to the victims of the attack will not be done by selling tokens, added the project.
The attack that took place on 19 September led to an extensive investigation by the Banana Gun development team and external experts. During the probing, it was found that the Telegram message oracle used for the project had a potential vulnerability, which may have been the root-cause of the attack.
Banana Gun has fixed the issue and has executed better security measures and reactivated the robot. As revealed by the team, this analysis is supported by the following two points: 1) the nature of the attack (manual transfer); 2) the victim received a notification of the transfer within the robot.
The team wrote in a post, “Mitigation going forward by Banana Gun: 1. Implemented 2 hour transfer delay. 2. Adding 2FA for transfers (to be done). 3. Conducted a thorough review of both the back-end and front-end systems. 4. Redeployed the back-end and switched to new servers. 5. Collaborated for the investigation with Security Alliance, one of the leading security teams in web3. 6. Pentesting & more audits for webapp and TG bots coming.”
What did the attack entail?
The attack was carried out to target smart money traders and crypto veterans who navigate the space and are not easy to scam. The victims were “known” to attackers in the space, either due to their social presence or trading expertise. Note that the victims witnessed the attacker manually transferring Ether(ETH) from their wallets while they were interacting with the bot and receiving notifications.
The project’s EVM and Solana bots were affected, which have separate codebases and operate independently. However, no attacks took place after the bot was shut down.
Also Read: $BANANA Crashes Amid Alarming Wallet Draining Incident
Source: https://www.cryptonewsz.com/banana-gun-attack-update-11-users-lost-3m/