A security breach at the well-known Telegram trading bot Banana Gun led to the pilfering of more than $500k worth of Ethereum from users’ wallets.
On September 19, users of the Telegram-based trading bot Banana Gun suffered significant losses as a result of the bot’s compromise.
Reportedly, over 500 ETH were removed from wallets associated with Banana Gun, resulting in a total loss of $1.9 million.
Details of the Banana Gun Hack
The breach was first discovered by a number of community members, and the on-chain security protocol Failsafe verified the event with an X post.
🚨 SECURITY ALERT 🚨
— FailSafe (@protectmywallet) September 19, 2024
We've received reports of wallet drains affecting @BananaGunBot users.
If you suspect your funds may be at risk:
– Sweep your assets into a fresh wallet
– Lockdown your assets with our free tool at https://t.co/Vr7qwpksc2
We'll keep updates streaming in
The victims—at least 11 users—have lost cryptocurrency valued at $1.9 million in total.
Some users on X (formerly Twitter) have expressed doubts about whether the Banana Gun bot was directly hacked, despite the relatively small number of victims.
ATTENTION!
— yannickcrypto.eth (@YannickCrypto) September 19, 2024
There is rumour that @BananaGunBot wallet's getting drained right now.
Recipient of the 6 drained wallets i could find is
0xe451241389b80a980c44dd55805eb05276cd141c
0xd073f28400be60aae6691d6131b5f7f45e91d999
But there is rumour that there are much more victims.
The team has acknowledged the issue, stating, “We are investigating the issue; the bot is currently offline,” in a pinned message on their Telegram channel.
Banana Gun is not the first to encounter difficulties. Due to a smart contract bug, the project’s revenue-sharing Banana token launch went awry in September of last year.
Notably, Banana Gun is one of the leading Telegram-based trading bots, with its Dune Analytics dashboard showing over $6 billion in trading volume facilitated for nearly 272,000 users.
The recent security breach has generated discussions regarding the safety of automated trading tools in the cryptocurrency industry, despite their widespread use.
Comparison to Other Telegram Trading Bot Hacks
Banana Gun is not the only company experiencing security lapses. Another trading bot on Telegram, Unibot, suffered a hack in October 2023 that cost users more than $600,000.
The Unibot hack, according to the on-chain analytics account Lookonchain, was caused by a “Call Injection” exploit, in which hackers transferred tokens authorized for Unibot contracts by using malicious call data.
A hacker attacked @TeamUnibot and is stealing the assets of users.
— Lookonchain (@lookonchain) October 31, 2023
As of now, the stolen assets have exceeded $600K.
If you use #Unibot, please move your funds to other wallets or revoke approvals of the contract as soon as possible.
0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865 pic.twitter.com/ioObZ3WAyR
Similar to this, earlier this year, the Solana-based Telegram bot Solareum was forced to close due to a lack of funding and a security breech that resulted in the theft of over 2,800 SOL from over 300 users, resulting in $520,000 in losses.
These incidents point to a concerning trend: trading bots are becoming more and more susceptible to security breaches.
The growing list of hacks within the automated trading ecosystem now includes the Banana Gun hack.