Telegram bot project Banana Gun released a security incident update on X: its EVM and Solana bots are back online with no restrictions other than a 2-hour transfer delay.
A total of 11 users were affected, with a loss of $3 million. All affected users will be fully compensated by the Banana Gun Treasury, and no compensation will be made through the sale of tokens.
After a comprehensive investigation by the Banana Gun development team and external experts, it was found that the Telegram message oracle used by Banana Gun had a potential vulnerability that may have led to the attack.
After fixing this issue, Banana Gun implemented enhanced security measures and reactivated its bots. Future mitigation measures are as follows:
- Deployed a 2-hour transfer delay;
- Added 2FA for transfers (to be completed soon);
- Conducted a thorough review of the backend and frontend systems;
- Redeployed the backend and switched to a new server;
- Worked with the Security Alliance (one of the leading security teams in Web3) for investigation;
- Penetration testing and more audits of the webapp and Telegram bots are coming soon.