Banana Gun Telegram Bot Wallets Drained

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Banana Gun Logo/Homepage

Banana Gun is a Telegram-based trading bot. On September 19th, 2024, multiple high-profile users started reporting their funds being drained from their wallets, live in front of them. While full details of the vulnerability have not yet been released, it is believed to be a vulnerability in the Telegram messaging system. 2FA on withdrawals, and a 2 hour delay, were both implemented in response. Users who were affected have reportedly all been reimbursed.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35][36][37][38][39][40][41][42][43][44][45][46][47][48][49][50][51][52][53][54][55][56][57][58][59][60][61][62][63][64][65][66][67][68][69][70][71][72][73][74][75][76][77][78][79][80][81][82][83][84][85][86][87][88][89][90][91][92][93][94][95][96][97][98][99][100][101][102][103][104][105][106][107][108][109][110][111]

About Banana Gun Bot

"TRADE CRYPTO THE BANANA WAY"

"Welcome to Banana Gun, YOUR trading bot. Available on Telegram and soon our own webapp. Snipe upcoming launches or safely trade tokens that are already live. We are your go-to platform for trading on the Ethereum, Solana, Base and Blast chains (with more to come!)."

"The best trading bot on Ethereum, Solana, Base and Blast. Built by on-chain traders."

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

"On September 19th, while most of us were busy watching charts go sideways, some Banana Gun users found their wallets being peeled..."

Key Event Timeline - Banana Gun Telegram Bot Wallets Drained
Date Event Description
September 19th, 2024 3:17:00 AM MDT Word Of Exploit One of the first tweets by PetitPrinceETH mentioning a potential exploit on BananaGunBot.
September 19th, 2024 3:23:00 AM MDT TheCryptoChefX Wallet Drain TheCryptoChefX reports that they woke up to their wallet drained to 0 ETH.
September 19th, 2024 3:29:00 AM MDT YannickCrypto Loss Report YannickCrypto reports on a "rumour" about wallets getting drained, and that he's able to find 6 drained wallets so far.
September 19th, 2024 3:33:00 AM MDT Wallet Compromise Alert Twitter user thesheikhcrypto warns users to transfer all their banana wallet assets to another wallet.
September 19th, 2024 3:36:00 AM MDT Joke About Refunds Offered In a joke tweet by CryoFrosty, BananaGunBot is apparently offering refunds, and a picture shows a user who thought they got drained but it was just "bad trading".
September 19th, 2024 3:38:00 AM MDT User Reports Suspicious Sells A French user befreeshcrypto posts a screenshot of some sell transactions which appear to be failing on their BananaGunBot.
September 19th, 2024 3:41:00 AM MDT Bot Stopped For Investigation The bot is reportedly stopped for investigation, and there's a report by cryptocevo of $200k lost from a friend. Comments here show losses of 15k, 12 ethereum, and 10k, among many others.
September 19th, 2024 3:46:00 AM MDT Market Price In Freefall In a tweet, Twitter user PastanagaCrypto shows the Banana price in freefall on the markets.
September 19th, 2024 3:46:00 AM MDT Market Price Has Dropped In a tweet, Twitter user SwiatKrypto warns to move assets and shares a screenshot of the market price of BANANA having dropped. The price appears to have stabilized at a lower value at this time.
September 19th, 2024 4:10:00 AM MDT YannickCrypto Loss Update YannickCrypto provides an update, reporting that there are 36 victims and 563 ethereum stolen, and some drains happening on the Solana blockchain. At this time, he doesn't believe that Banana Gun itself got hacked, as there are too few victims for that.
September 19th, 2024 4:34:00 AM MDT YannickCrypto Reports No Vulnerability YannickCrypto reports an apparent update from the Banana Gun team, which has reportedly confirmed that hackers got into <50 accounts and drained through the accounts themselves, and that the attack seems to be over.
September 19th, 2024 4:38:00 AM MDT ZekeEther Reports Drain Twitter user ZekeEther reports their wallet is drained of $15k.
September 19th, 2024 6:02:00 AM MDT Mduz_NFT Reports Drain Twitter user Mduz_NFT reports their wallet is drained for $50k.
September 19th, 2024 6:11:00 AM MDT Sheesh Warns To Move Funds A Telegram account named Sheesh warns users to move their funds out of Banana Gun wallets.
September 19th, 2024 9:27:00 AM MDT Update From BananaGunBot Team The BananaGunBot team reports that some users experienced unauthorized transfers from their wallets. They quickly disabled the bot and investigated, confirming that their back-end is secure and that fewer than 10 users were affected. The transfers appear to have been manually executed, indicating a possible front-end vulnerability. The team is prioritizing security and will keep the bot offline while they investigate. They expressed gratitude for the support received and invited users to share any insights via direct message on Twitter.
September 19th, 2024 11:28:00 AM MDT User Banned In Discord Twitter user daze05xx reports that the team is "banning users in [Telegram] for asking questions".
September 19th, 2024 12:17:00 PM MDT User Banned In Discord Twitter user IBendCrypto reports being banned in Discord chat when they attempted to discuss the issue.
September 19th, 2024 2:44:00 PM MDT MaestroBot Not Affected The MaestroBot team posts to notify that they are not affected in the breach at all. "just another day in crypto for us"
September 20th, 2024 8:20:00 AM MDT Arbitrage Scanner Data Arbitrage Scanner shared data on 11 of the drained wallets. However, it's unclear if these wallets are accurate as many have no transactions related to the BananaGunBot.
September 20th, 2024 2:22:00 PM MDT ManaMoonNFT Tweet ManaMoonNFT reports on being a victim and losing 128 ethereum. They call it "one of the most bizarre hacks [they]'ve ever seen".
September 24th, 2024 1:21:00 PM MDT Updated From BananaGunBot The BananaGunBot team reports on the aftermath. They report that 11 users experienced unauthorized transfers totaling $3M. They confirmed that both EVM and Solana bots are back online, now with a 2-hour transfer delay to enhance security. All affected users will be fully refunded from the Banana Gun treasury without selling any tokens. An investigation revealed a vulnerability in their Telegram message oracle that may have been exploited, leading to manual transfers while victims interacted with the bot. In response, the team has implemented several security measures, including 2FA for transfers and thorough system reviews. They thanked their partners for their support during this process.
September 24th, 2024 1:39:00 PM MDT Refund Reported Received Twitter user ManaMoonNFT reports that they have received a full refund for their losses.
September 25th, 2024 1:52:00 PM MDT Rekt Investigation Started The Rekt team posts an investigation of the Banana Gun incident on their site and Twitter.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

"Initially reported as a $1.9M slipup affecting 36 users, this bunch of bad news eventually grew to a $3M whopper impacting 11 very unhappy campers."

The total amount lost has been estimated at $3,000,000 USD.

Immediate Reactions

"There is rumour that @BananaGunBot wallet's getting drained right now. Recipient of the 6 drained wallets i could find is 0xe451241389b80a980c44dd55805eb05276cd141c 0xd073f28400be60aae6691d6131b5f7f45e91d999 But there is rumour that there are much more victims."

"Seems like there is already 36 victims with almost 563 #ETH stolen "so far" on mainnet. The last one was drained an hour ago, but there is more rumour that drains started on #SOL too."

ZekeEther: "is @BananaGunBot hacked?

my wallet is out $15k, completely drained. trying to check onchain transaction but TG bot is also not working.

gosh, how much worse can one life fucking get!"

Mduz_NFT: "Did anyone else got drain for 50k from @BananaGunBot?

Please tell me I'm dreaming."

"@BananaGunBot has reportedly been exploited with wallet draining incidents. Users should temporarily move all funds to ensure that they are safe - sheesh!"

"Transfer all your funds from telegram trading bots. Already seen lots of drained wallet messages about @BananaGunBot. Do not use any tg trading bots for now."

"As one of the few victims, I individually lost 128e on the exploit while I was asleep. They targetted a few specific ppl, honestly one of the most bizarre hacks I've ever seen.

Thankfully, the Banana team is goated, and I'll be seeing my funds again soon. Will keep using"

"Today, some users of Banana Gun experienced unauthorized transfers from their wallets. Promptly after the first incident, we immediately switched off the bot and began diligently checking our back-end.

We have confirmed that our back-end is not compromised. Both the router and database have been thoroughly inspected, and only a very small number of users (fewer than 10) were affected. Additionally, the transfers appear to have been executed manually.

This leads us to believe the issue may stem from a front-end vulnerability.

As we prioritize security, we will keep our bot offline while we investigate the root cause. The amount of support we've received, particularly from our partners, has been truly heartwarming. If you have any insights that may help us, feel free to send us a direct message here on Twitter."

Ultimate Outcome

"First of all, we’re humbled by the incredible bot activity on Banana Gun, even after last week’s incident. Thank you all for your patience and trust. We take this as a testament that we're handling the situation properly. As previously mentioned, our EVM and Solana bots are back online with no restrictions, except for a 2-hour transfer delay.

A total of 11 users were affected, with $3M drained. All impacted users will be fully refunded from the Banana Gun treasury, with no tokens being sold for reimbursements."

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Rekt - Banana Gun - Rekt (Accessed Sep 26, 2024)
  2. @BananaGunBot Twitter (Accessed Sep 26, 2024)
  3. @YannickCrypto Twitter (Accessed Sep 26, 2024)
  4. @YannickCrypto Twitter (Accessed Sep 26, 2024)
  5. @YannickCrypto Twitter (Accessed Sep 26, 2024)
  6. @BananaGunBot Twitter (Accessed Sep 26, 2024)
  7. @RektHQ Twitter (Accessed Sep 26, 2024)
  8. @Sheesh_On_Eth Twitter (Accessed Sep 26, 2024)
  9. @CryoFrosty Twitter (Accessed Sep 26, 2024)
  10. @befreeshcrypto Twitter (Accessed Sep 26, 2024)
  11. @ArbitrageScan Twitter (Accessed Sep 26, 2024)
  12. Personal Account | Arbitrage Scanner (Accessed Sep 26, 2024)
  13. @thesheikhcrypto Twitter (Accessed Sep 26, 2024)
  14. @defi_ant_degen Twitter (Accessed Sep 26, 2024)
  15. @TheCryptoChefX Twitter (Accessed Sep 26, 2024)
  16. @SwiatKrypto Twitter (Accessed Sep 26, 2024)
  17. @fud_and_cry Twitter (Accessed Sep 26, 2024)
  18. @Solidstarforlyf Twitter (Accessed Sep 26, 2024)
  19. @PetitPrinceETH Twitter (Accessed Sep 26, 2024)
  20. @PastanagaCrypto Twitter (Accessed Sep 26, 2024)
  21. @ZekeEther Twitter (Accessed Sep 26, 2024)
  22. @Mduz_NFT Twitter (Accessed Sep 26, 2024)
  23. @HRS_777 Twitter (Accessed Sep 26, 2024)
  24. @Tawkcrypto Twitter (Accessed Sep 26, 2024)
  25. @AltcoinsFrance Twitter (Accessed Sep 26, 2024)
  26. @Web3France_fr Twitter (Accessed Sep 26, 2024)
  27. @Charlie_Gems Twitter (Accessed Sep 26, 2024)
  28. @pnldailyy Twitter (Accessed Sep 26, 2024)
  29. @CryptoBullEye Twitter (Accessed Sep 26, 2024)
  30. @EzMoneyGems Twitter (Accessed Sep 26, 2024)
  31. @living_life_9 Twitter (Accessed Sep 26, 2024)
  32. @cryptocevo Twitter (Accessed Sep 26, 2024)
  33. @WawKasem Twitter (Accessed Sep 26, 2024)
  34. @Gotham_New Twitter (Accessed Sep 26, 2024)
  35. @Gotham_New Twitter (Accessed Sep 26, 2024)
  36. @Gotham_New Twitter (Accessed Sep 26, 2024)
  37. @Gotham_New Twitter (Accessed Sep 26, 2024)
  38. @IBendCrypto Twitter (Accessed Sep 26, 2024)
  39. @ManaMoonNFT Twitter (Accessed Sep 26, 2024)
  40. @stacy_muur Twitter (Accessed Sep 26, 2024)
  41. @Alaouicapital Twitter (Accessed Sep 26, 2024)
  42. @MaestroBots Twitter (Accessed Sep 26, 2024)
  43. @razvaneth Twitter (Accessed Sep 26, 2024)
  44. @denisventures Twitter (Accessed Sep 26, 2024)
  45. @Gotham_New Twitter (Accessed Sep 26, 2024)
  46. @daze05xx Twitter (Accessed Sep 26, 2024)
  47. @Talesofthechain Twitter (Accessed Sep 26, 2024)
  48. @APederzoli Twitter (Accessed Sep 26, 2024)
  49. @Gotham_New Twitter (Accessed Sep 26, 2024)
  50. @MCMongX Twitter (Accessed Sep 26, 2024)
  51. @HidalgoEric90 Twitter (Accessed Sep 26, 2024)
  52. @BotfatherTG Twitter (Accessed Sep 26, 2024)
  53. @MCMongX Twitter (Accessed Sep 26, 2024)
  54. @beincrypto_es Twitter (Accessed Sep 26, 2024)
  55. @Mamuduwill66845 Twitter (Accessed Sep 26, 2024)
  56. @ForkLog Twitter (Accessed Sep 26, 2024)
  57. @ABMedia_Crypto Twitter (Accessed Sep 26, 2024)
  58. @LeButineur_Off Twitter (Accessed Sep 26, 2024)
  59. @thepumpengine Twitter (Accessed Sep 26, 2024)
  60. @6ft6ETH Twitter (Accessed Sep 26, 2024)
  61. @0xdodonews Twitter (Accessed Sep 26, 2024)
  62. @dippy_eth Twitter (Accessed Sep 26, 2024)
  63. @KriptoAirdropTG Twitter (Accessed Sep 26, 2024)
  64. @tritonsniperio Twitter (Accessed Sep 26, 2024)
  65. @MCMongX Twitter (Accessed Sep 26, 2024)
  66. @CapGemz Twitter (Accessed Sep 26, 2024)
  67. @matty4188 Twitter (Accessed Sep 26, 2024)
  68. @cybertech_pro01 Twitter (Accessed Sep 26, 2024)
  69. @MrBeanCaller Twitter (Accessed Sep 26, 2024)
  70. @mywebacy Twitter (Accessed Sep 26, 2024)
  71. @ICODrops Twitter (Accessed Sep 26, 2024)
  72. @protectmywallet Twitter (Accessed Sep 26, 2024)
  73. @hackless_defi Twitter (Accessed Sep 26, 2024)
  74. @CryptoGrayWolf Twitter (Accessed Sep 26, 2024)
  75. @CryptopepperP Twitter (Accessed Sep 26, 2024)
  76. @ProdigyTradeBot Twitter (Accessed Sep 26, 2024)
  77. @boot2thrill Twitter (Accessed Sep 26, 2024)
  78. @hodooi Twitter (Accessed Sep 26, 2024)
  79. @Modern_Spider Twitter (Accessed Sep 26, 2024)
  80. @ForkDAOes Twitter (Accessed Sep 26, 2024)
  81. @jikan_talakawa Twitter (Accessed Sep 26, 2024)
  82. @ZoOoOoOM89 Twitter (Accessed Sep 26, 2024)
  83. @cryptonews Twitter (Accessed Sep 26, 2024)
  84. @DefiantNews Twitter (Accessed Sep 26, 2024)
  85. @young_Cryptoo Twitter (Accessed Sep 26, 2024)
  86. @ChadCaff Twitter (Accessed Sep 26, 2024)
  87. @respit_ Twitter (Accessed Sep 26, 2024)
  88. @GL_Capital_ Twitter (Accessed Sep 26, 2024)
  89. @0xImmortal_ Twitter (Accessed Sep 26, 2024)
  90. @MCMongX Twitter (Accessed Sep 26, 2024)
  91. @sicentsoicentsi Twitter (Accessed Sep 26, 2024)
  92. @tritonsniperio Twitter (Accessed Sep 26, 2024)
  93. @WenTV_io Twitter (Accessed Sep 26, 2024)
  94. @BananaBananko24 Twitter (Accessed Sep 26, 2024)
  95. @CashIsTrash_ Twitter (Accessed Sep 26, 2024)
  96. @GL_Capital_ Twitter (Accessed Sep 26, 2024)
  97. @metasolanabot Twitter (Accessed Sep 26, 2024)
  98. @PablojSojo Twitter (Accessed Sep 26, 2024)
  99. @TheJs7one Twitter (Accessed Sep 26, 2024)
  100. @hellosuoha Twitter (Accessed Sep 26, 2024)
  101. @spyflips Twitter (Accessed Sep 26, 2024)
  102. @iCryptoGuardian Twitter (Accessed Sep 26, 2024)
  103. @KriptoAirdropTG Twitter (Accessed Sep 26, 2024)
  104. @OdailyChina Twitter (Accessed Sep 26, 2024)
  105. @spyflips Twitter (Accessed Sep 26, 2024)
  106. @pierarmy_eth Twitter (Accessed Sep 26, 2024)
  107. @ghostdog3333 Twitter (Accessed Sep 26, 2024)
  108. @CryptolandOffi1 Twitter (Accessed Sep 26, 2024)
  109. @Crypto_D00M Twitter (Accessed Sep 26, 2024)
  110. @BananaGunBot Twitter (Accessed Sep 26, 2024)
  111. Trade Crypto the Banana Way | Banana Gun (Accessed Sep 26, 2024)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Banana_Gun_Telegram_Bot_Wallets_Drained&oldid=6186"