After users reported mysterious withdrawals, the Banana Gun team disabled its Telegram bot and confirmed that its code was not exploited.

Banana Gun Team Responds to Security Concerns

An update from the Banana Gun team stated that its back-end was uncompromised, despite reports of unauthorized transactions from user wallets flooding crypto social media. Banana Gun, a Telegram-based bot that allows users to execute quick swaps, remained offline at press time. The team did not provide a timeline for when its tool might be reactivated.

Potential Front-End Vulnerability

Regarding the root cause, the project suggested that a front-end vulnerability was likely the issue. While scant details were disclosed, the team’s statement implied that the exploit may have originated from Telegram. Although unconfirmed, it’s possible that the ten or so affected users interacted with malicious links. Phishing scammers have launched a deluge of harmful campaigns this year, attempting to steal cryptocurrencies and digital assets from web3 participants.

Community Support and Security Measures

Banana Gun’s team encouraged the public to reach out with helpful information or report further cases. The tool has generated over $35 million in all-time fees, according to DefiLlama, and thousands of users employ its Telegram trading bot.

“As we prioritize security, we will keep our bot offline while we investigate the root cause. The amount of support we’ve received, particularly from our partners, has been truly heartwarming. If you have any insights that may help us, feel free to send us a direct message here on Twitter.”

Banana Gun team update on unpermitted transfers

“Today, some users of Banana Gun experienced unauthorized transfers from their wallets. Promptly after the first incident, we immediately switched off the bot and began diligently checking our back-end. We have confirmed that our back-end is not compromised.”

Similar Incidents in Decentralized Finance

If Telegram emerges as the issue’s origin, Banana Gun would be the second decentralized finance protocol to suffer a web2-based exploit this week.

On Sept. 18, hackers gained access to the website of Ethena Labs, a synthetic dollar issuer. As Banana Gun did with its Telegram bot, Ethena paused its website until the issue was resolved.

“We’ve worked with the registrar to regain control of our domain and had the phishing domains blocked across various services to protect our users. To reiterate, the protocol is not affected and funds are secure.”