The Telegram-based cryptocurrency trading bot Banana Gun has announced it will refund users who collectively lost $3 million in a recent hack carried out by 11 attackers.
On Sept. 19, Banana Gun users reported unauthorized outbound transfers from their crypto wallets. The revelation forced Banana Gun to temporarily switch off its Ethereum Virtual Machine (EVM) and Solana bots to avoid further losses.
Crypto trading bots facilitate automated trades, often used by crypto traders to optimize profitability.
While initial investigations suggested that 36 users were affected by the attack and lost nearly $2 million worth of Ether, Banana Gun’s post-mortem report revealed a larger loss spread across fewer victims.
“A total of 11 users were affected, with $3M drained. All impacted users will be fully refunded from the Banana Gun treasury, with no tokens being sold for reimbursements,” the bot firm stated.
Vulnerability within Telegram message oracle
Banana Gun allows users to snipe tokens at launch and, afterward, trade them, swap and copy trade. While the app is easy to use, it is very much a tool for experienced crypto investors.
This partly explains why the hack was so large ($3.3M) while only targeting 11 victims.
Given that the hacker manually instigated the unauthorized transfers, the team suspected they were likely targeting selected users. Banana Gun later confirmed this.
After patching the vulnerability, Banana Gun restarted EVM and Solana bots and implemented security measures to prevent further fund drains. Measures include a two-hour transfer delay, two-factor authentication for transfers, and a thorough review of systems, among others.
Security enhancements restoring users' confidence
Following the investigation, Banana Gun imposed stronger security measures to deter future breaches. One of these changes was the two-hour transfer delay, which gives users time to react in case of suspicious activity.
The platform also introduced two-factor authentication (2FA) for all transfers to ensure user transaction security.
The team also reviewed the backend and frontend systems comprehensively, redeploying the bot's infrastructure on new servers to eliminate any lingering vulnerabilities.
All these upgrades are meant to ensure the robustness of the Banana Gun system and its resistance to future attacks.
The team's proactive approach to security, including planned penetration testing and additional audits, has since helped to regain the confidence of the users.
After Banana Gun announced that it would refund the lost funds, the price of Banana tokens also surged by 7%, indicating that the market had responded positively to the team's handling of the crisis.