Telegram-based trading bot Banana Gun hacked for 563 ETH; BANANA token falls

By:
Edited by:
on  Sep 19, 2024
Listen
5 min read
  • 563 ETH drained from wallets of Banana Gun users.
  • Banana Gun developers have confirmed less than 10 users were affected.
  • The trading bot has been suspended as investigation continues.

Follow Invezz on Telegram, Twitter, and Google News for instant updates >

Popular Telegram-based trading bot Banana Gun suffered a major security breach on September 19, resulting in a loss of 563 ETH, equivalent to roughly $1.9 million.

Are you looking for signals & alerts from pro-traders? Sign-up to Invezz Signals™ for FREE. Takes 2 mins.

While the Banana Gun team initially claimed that fewer than 10 users were affected, community reports paint a different picture, with some suggesting that at least 36 users had their wallets compromised.

This discrepancy has led to confusion within the community as the team continues its investigation into the true scale and cause of the exploit.

The breach caused an immediate impact on Banana Gun’s native token, BANANA, which tanked by over 8% following reports of the hack.

At the time of writing, the token was trading at $39.52, down from an intraday high of $43.21, further exacerbating concerns about the bot’s security.

Banana Gun hack: what we know so far

Copy link to section

Banana Gun, launched in 2023, allows users to trade cryptocurrencies through automated and manual strategies directly via Telegram.

Its most popular feature, known as “sniping,” enables users to quickly buy tokens as soon as they are listed on decentralized exchanges, giving traders a competitive edge.

The platform supports major blockchains like Ethereum, Solana, and Base, and has processed over $6 billion in trading volume to date, attracting nearly 272,000 traders, according to Dune Analytics.

However, on the day of the hack, several users reported unauthorized transactions draining ETH from their wallets.

While the Banana Gun team quickly suspended the bot and announced an investigation, the exact cause of the breach remains unknown.

The team has not disclosed the full amount of funds lost but has maintained that fewer than 10 users were affected.

However, reports from community members suggest that dozens of users fell victim to the exploit, creating uncertainty around the extent of the damage.

As part of its response, the Banana Gun team confirmed that, after a thorough inspection of the back end, the router and database remained secure.

This has led to speculation that the vulnerability lay in the platform’s front-end interface, although the team has not confirmed this.

What is clear is that the exploit was executed manually, adding complexity to the attack and making it harder to trace.

Banana Gun hack: conflicting reports

Copy link to section

The scale of the breach has been a point of contention.

Security firm Cyvers reported that hundreds of users may have been affected, while pseudonymous community member Yannick Crypto cited data from the Banana Gun team suggesting that fewer than 50 accounts were compromised.

Adding to the confusion, Cyvers researchers have ruled out the possibility of a smart contract vulnerability, which would typically affect a project’s entire user base.

This is different from previous exploits in the crypto space, such as the one involving MaestroBots, another Telegram-based trading bot that was hacked in October 2023.

That particular breach targeted the smart contracts and affected all users on the platform, making the Banana Gun incident unique in its method of attack.

Connection to AngelX?

Copy link to section

The timing of the Banana Gun hack coincided with the resurgence of a notorious cryptocurrency wallet drainer known as AngelX.

This malicious toolkit, which re-emerged earlier in September, has been linked to numerous phishing scams and unauthorized wallet drains in the crypto space.

Cybersecurity firm Blockaid reported that AngelX had been spotted just weeks before the Banana Gun exploit, raising questions about whether the two incidents could be connected.

While it remains unclear if AngelX was involved in the Banana Gun attack, the toolkit’s track record is troubling.

An older version of AngelX, known as Angle Drainer, had been used to steal at least $25 million worth of crypto assets from over 35,000 wallets.

The newer iteration of AngelX has already been linked to more than 150 phishing scams since its re-emergence in late August, according to Blockaid.

Some cybersecurity experts have speculated that the Banana Gun breach may have involved multiple attack vectors, possibly including wallet drainers like AngelX.

However, without an official post-mortem report from the Banana Gun team, these claims remain speculative.

Telegram and crypto scams

Copy link to section

The Banana Gun incident highlights the broader issue of security on Telegram, which has become a central hub for cryptocurrency trading and communication.

Telegram’s ease of use and popularity among crypto traders have made it an attractive platform for both legitimate projects and bad actors.

Cybersecurity firms such as SlowMist and Kaspersky have repeatedly warned about the growing number of phishing scams and malicious bots operating on the platform.

SlowMist founder Yu Xian recently pointed out that attackers are deploying large-scale phishing scams via Telegram messaging groups, often using malicious bots to siphon funds from unsuspecting users.

Similarly, Kaspersky flagged a series of unofficial Telegram bots targeting TON (The Open Network) tokens earlier this year.

As of now, Banana Gun remains offline while the team investigates the breach.

Users have been urged to secure their assets and refrain from conducting any transactions using the bot until further notice.

The team has promised to release an official post-mortem report once their investigation is complete, but the community is anxiously awaiting answers.