Banana Gun, a popular Telegram trading bot, has recently released information on a cyberattack that caused a loss of $3 million and affected eleven individuals. The company assured users that the victims would be reimbursed from its own funds.
It is expected that no other tokens will be sold by the company to cover the reimbursements. The people who fell victim to this crime were said to be seasoned traders and among the prominent ones in the crypto-verse.
Vulnerability Found in Telegram Message Oracle
The breach was linked to a vulnerability in Banana Gun’s Telegram message oracle. The vulnerability allowed the attackers to manually take Ethereum from the victims’ wallets while the victims were chatting with the bot via Telegram. Unusually, the theft played out in real time: notifications were being sent to the users as their assets were being taken.
Both the Ethereum Virtual Machine (EVM) and Solana bots were affected by the hack, even though they run on independent codebases. Fortunately, no more attacks were reported after Banana Gun decided to shut down its bots.
In an official statement, Banana Gun extended its sincere thanks to the community. It reiterated that the incident did not disrupt the community’s trust, since the bot’s activity has picked up again. The bot now operates with some added restrictions, such as the two-hour transfer delay.
The company reported that, after a very thorough inquiry carried out with the cooperation of external experts and the Security Alliance, the exact cause of the issue was the vulnerability in the Telegram message oracle.
The fact that the transactions were manual was one of the most solid clues backing this finding, prompting the conclusion that the attacker was focused on targeted theft rather than an automated, wide-ranging breach.
To prevent further breaches, Banana Gun has implemented several security enhancements. These include the aforementioned transfer delay, the planned addition of two-factor authentication (2FA) for transfers, and a complete review of both back-end and front-end systems.
Moreover, the back-end systems have been redeployed, and the company had to move to new servers to make the application more secure. It also committed to conducting several penetration tests and security audits of both the web and Telegram bots.
In conclusion, Banana Gun gave particular acknowledgment to its partners, Seal Team, AML Bot, and the Binance Security team, who contributed to the checking and restoration throughout the process.