Banana Gun Refund Announcement

Banana Gun promised to refund 11 users affected by a $3 million exploit of wallets last week.

“All impacted users will be fully refunded from the Banana Gun treasury, with no tokens being sold for reimbursements,” the team posted on X late Tuesday.

Banana Gun operates one of the industry’s leading Telegram-based trading bots, enabling users to execute on-chain transactions and snipe upcoming token launches. The bot has generated over $6.3 billion in trading volume from nearly 279,000 users.

Community members first highlighted the attack last Thursday, and Banana Gun confirmed some users had witnessed “unauthorized transfers” from their wallets. This prompted the team to switch off the Ethereum Virtual Machine and Solana bot, although they claimed their back-end systems were not compromised.

“Only a very small number of users (fewer than 10) were affected. The transfers appear to have been executed manually, suggesting the issue may stem from a front-end vulnerability,” the project said at the time.

Ultimately, 11 users were affected, with the attack targeting “smart money” traders and crypto veterans noted for their social presence or trading expertise.

“After a thorough investigation by the Banana Gun development team and outside experts, we identified a potential vulnerability in the Telegram message oracle we use, which may have led to the exploit,” the team stated.

The bots returned online after the issue was patched last Friday, and no attacks have occurred since. Mitigations now include a two-hour transfer delay, adding two-factor authentication for transfers, and audits of both the back-end and front-end systems.