Telegram bot Banana Gun was the target of a security compromise that led to losses of about $3 million and affected eleven users. Following the breach, the Telegram-based platform has promised to reimburse the victims. It is also taking steps to prevent a repeat of the theft.
BOT INCIDENT RECAP
— Banana Gun 🍌🔫 (@BananaGunBot) September 24, 2024
First of all, we’re humbled by the incredible bot activity on Banana Gun, even after last week’s incident. Thank you all for your patience and trust. We take this as a testament that we're handling the situation properly. As previously mentioned, our EVM and…
Details of the Security Compromise, Leading to Losses of About $3 Million
Per Banana Gun, the attackers targeted veteran traders by exploiting a loophole in its Telegram message oracle. As a result, they compromised both the Ethereum Virtual Machine (EVM) and Solana versions of the bot, even though the two operate independently.
The thieves used manual token transfers to move Ethereum (ETH) out of victims' wallets. They also appear to have targeted mostly seasoned investors, which points to a well-planned operation aimed at taking significant funds from a few people. Affected users received real-time notifications while the transfers happened, but they could do little or nothing to prevent the losses.
Banana Gun’s Timely Response that Helped to Prevent Further Losses
Putting customers' interests first, Banana Gun’s security team moved quickly to stop the attackers from doing more damage. First, the team shut down the bot to forestall further losses.
In addition, it began an in-depth investigation in collaboration with external security experts such as the Web3 security firm Security Alliance. The investigation's findings led to the implementation of some standardized precautionary measures.
These measures include a two-hour transaction delay. With the delay in place, users have time to react when they notice a suspicious token transfer.
Additionally, the security team has rolled out two-factor authentication (2FA) for every transfer on the Telegram bot platform. On the code side, the team thoroughly reviewed the backend and frontend systems. It also moved to new servers so that no lingering link would let the attackers regain access.
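The two transfer controls described above, a 2FA check and a two-hour hold, can be modelled as a small queue. This is an added illustration, not Banana Gun's code: the `TransferQueue` class, the choice of TOTP as the second factor, and the sample users and secrets are assumptions.

```python
import hashlib
import hmac
import struct

HOLD_SECONDS = 2 * 60 * 60  # the two-hour delay described above


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1); an assumed stand-in for the bot's 2FA."""
    mac = hmac.new(secret, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TransferQueue:
    """Hypothetical hold queue: 2FA to request, fixed delay before release."""

    def __init__(self, secrets: dict):
        self.secrets = secrets  # user -> TOTP secret (constructed sample data)
        self.pending = {}       # transfer id -> (user, dest, amount, release time)
        self.next_id = 1

    def request(self, user, dest, amount, code, now):
        secret = self.secrets.get(user)
        expected = totp(secret, now).encode() if secret else b""
        # Constant-time compare; a missing or wrong code never queues anything.
        if not secret or not hmac.compare_digest(code.encode(), expected):
            return None
        tid, self.next_id = self.next_id, self.next_id + 1
        self.pending[tid] = (user, dest, amount, now + HOLD_SECONDS)
        return tid

    def cancel(self, user, tid):
        # Cancelling needs no 2FA so the owner can react fast to a notification,
        # but only the owner of the held transfer may cancel it.
        if tid in self.pending and self.pending[tid][0] == user:
            del self.pending[tid]
            return True
        return False

    def release_due(self, now):
        # Transfers leave the queue only after the full hold has elapsed.
        due = sorted(t for t, p in self.pending.items() if p[3] <= now)
        return [(t, *self.pending.pop(t)[:3]) for t in due]
```

With a hold like this, the real-time notification gives the wallet owner a window in which `cancel` still works.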