Banana Gun: 11 users lost $3 million in previous security incidents, which will be fully compensated by the treasury

Odaily News Telegram Bot project Banana Gun released a security incident update on X: its EVM and Solana robots have been back online with no restrictions except for a 2-hour transfer delay. A total of 11 users were affected, with a loss of $3 million. All affected users will be fully compensated by the Banana Gun Treasury, and no compensation will be made through the sale of tokens. After a comprehensive investigation by the Banana Gun development team and external experts, it was found that the Telegram message oracle used by Banana Gun had a potential vulnerability that may have led to the attack. After fixing this issue, Banana Gun implemented enhanced security measures and reactivated the robot. Future mitigation measures are as follows: - Deployment of a 2-hour transfer delay; - Adding 2FA for transfers (to be completed soon); - A thorough review of the backend and frontend systems; - Redeploying the backend and switching to a new server; - Collaborating with the Security Alliance (one of the leading security teams in Web3) for investigation; - Penetration testing and more audits of the webapp and TG robots are coming soon.