According to BlockBeats, on September 25, the Telegram Bot project Banana Gun released an update on the “theft” situation, stating that its EVM and Solana bots are back online with no restrictions except for a 2-hour transfer delay.
A total of 11 users were affected, with losses of $3 million. All affected users will be fully compensated by the Banana Gun Treasury, and no compensation will be made through the sale of tokens.
A comprehensive investigation by the Banana Gun development team and external experts found a potential vulnerability in the Telegram message oracle used by Banana Gun, which may have led to the attack.
After remediating the issue, Banana Gun implemented enhanced security measures and reactivated the bot. This root cause analysis is supported by 1) the nature of the attack (manual transfer) and 2) the fact that the victim received a notification of the transfer within the bot.