Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Banana Gun stated on X platform that some users experienced unauthorized wallet transfers. The issue may have stemmed from a front-end vulnerability. Prioritizing security, the team kept the bot offline during the investigation of the root cause. On September 25, Banana Gun announced on X platform that a total of 11 users were affected, with losses amounting to $3 million. All affected users will be fully compensated from the Banana Gun treasury, without selling any tokens for reimbursement. Following a thorough investigation by the Banana Gun development team and external experts, it was discovered that a potential vulnerability in the Telegram message oracle used by Banana Gun might have led to the attack. Attack method (per SlowMist): Unknown. Reported loss: $ 3,000,000.
- chain
- —
- protocol
- Banana Gun
- bug_class
- access-control
- date_occurred
- 2024-09-19
- loss_usd
- $3,000,000
- source_id
- sm:banana-gun::2024-09-19