Banana Gun update: Under 10 users affected, bot secure

After users reported mysterious withdrawals, the Banana Gun team disabled its Telegram bot and confirmed that its code was not exploited.

An update from the Banana Gun (BANANA) team stated that its back-end was uncompromised, despite reports of unauthorized transactions from user wallets flooding crypto social media. Banana Gun, a Telegram-based bot that allows users to execute quick swaps, remained offline at press time. The team did not provide a timeline for when its tool might be reactivated.

Regarding the root cause, the project suggested that a front-end vulnerability was likely the issue. While scant details were disclosed, the team’s statement implied that the exploit may have originated from Telegram.

Although unconfirmed, it’s possible that the ten or so affected users interacted with malicious links. Phishing scammers have launched a deluge of harmful campaigns this year, attempting to steal cryptocurrencies and digital assets from web3 participants.

Banana Gun’s team encouraged the public to reach out with helpful information or report further cases. The tool has generated over $35 million in all-time fees, according to DefiLlama, and thousands of users employ its Telegram trading bot.

As we prioritize security, we will keep our bot offline while we investigate the root cause. The amount of support we’ve received, particularly from our partners, has been truly heartwarming. If you have any insights that may help us, feel free to send us a direct message here on Twitter.

Banana Gun team update on unpermitted transfers

If Telegram emerges as the issue’s origin, Banana Gun would be the second decentralized finance protocol to suffer a web2-based exploit this week.

On Sept. 18, hackers gained access to the website of Ethena Labs, a synthetic dollar issuer. Similar to the Telegram bot, Ethena paused its website until the issue was resolved.