After users reported the mysterious footage, the Banana Gun team disabled the Telegram bot and confirmed that its code had not been exploited.
In an update from the Banana Gun (BANANA) team, it was noted that its backend had not been compromised despite reports of unauthorized transactions from user wallets flooding crypto social media. Banana Gun, a Telegram-based bot that allows users to perform quick swaps, was offline at press time. The team did not provide a timeline for when the tool might be reactivated.
As for the root cause, the project suggested that the issue was likely a front-end vulnerability. While few details were disclosed, the team’s statement hinted that the exploit may have originated from Telegram.
While unconfirmed, it’s possible that as many as ten affected users may have engaged with malicious links. Phishing scammers have launched a series of malicious campaigns this year, attempting to steal cryptocurrencies and digital assets from web3 contributors.
The Banana Gun team encouraged the public to get in touch with helpful information or report more cases. According to DefiLlama, the tool has generated more than $35 million in revenue, an all-time high, and thousands of users are using the Telegram trading bot.
Since we prioritize security, we will keep our bot offline while we investigate the root cause. The amount of support we have received, especially from our partners, has been really heartwarming. If you have any ideas that could help us, feel free to send us a direct message on Twitter.
Banana Gun team update on unauthorized transfers
UPDATE ON BOT STATUS
Today, some users of Banana Gun experienced unauthorized transfers from their wallets. Immediately after the first incident, we shut down the bot and started to carefully monitor our backend.
We have verified that our backend is not…
— Banana Gun 🍌🔫 (@BananaGunBot) September 19, 2024
If Telegram is found to be the source of the problem, Banana Gun will become the second decentralized finance protocol to suffer a web2-based attack this week.
On September 18, hackers gained access to the website of Ethena Labs, which issues synthetic dollars. Similar to the Telegram bot, Ethena also paused the website until the issue was resolved.
We worked with the registrar to regain control of our domain and blocked phishing domains across several services to protect our users.
Again, the protocol has not been affected and funds are safe.
Etena[.]fi remains the only official domain name and we… https://t.co/x7twAcUNGr
— Ethena Labs (@ethena_labs) September 18, 2024