Users of the Telegram-based cryptocurrency trading bot Banana Gun have been drained of nearly $2 million worth of digital assets.

Banana Gun enables Telegram users to trade on some of the most popular blockchains, such as Ethereum, Solana and Base.

However, at least 11 attackers have drained a collective $1.9 million worth of crypto from the bot’s users, according to onchain security firm Cyvers’ senior Security Operation Center lead, Hakan Unal.

Unal told Cointelegraph:

“It appears that BananaGunBot wallets are being drained. Our system has detected around 11 attackers (potentially more), and approximately $1.9 million has been stolen. Hundreds of users have already been affected."

Cyvers shared the 11 attacker addresses exclusively with Cointelegraph:

Telegram bot Banana Gun’s users drained of over $1.9M image 0

Banana Gun bot, 11 attacker addresses. Source: Cyvers

The attackers have drained the wallets of at least 36 victims, according to pseudonymous crypto sleuth Yannick Crypto, who wrote in a Sept. 19 X post:

Telegram bot Banana Gun’s users drained of over $1.9M image 1

Banana Gun Bot hack. Source: Yannick Crypto

The incident occurred two months after a hacker stole over $230 million from WazirX , an Indian cryptocurrency exchange, in the second-largest cryptocurrency hack of 2024 so far.

Related: BTC rallies past $62.6K after BlackRock issues Bitcoin white paper

Is the Banana Gun Bot hack over?

Despite the lack of information, the attack doesn’t point to a wider smart contract vulnerability, according to Hakan Unal, senior blockchain scientist at Cyvers, who told Cointelegraph:

“Per our investigation so far, it doesn't seem like a contract exploit. It might be small amounts that are being drained from their users.”

The number of victims suggests that the hacker didn’t successfully infiltrate the entire trading bot, only an isolated number of accounts, according to the pseudonymous crypto sleuth, who added: 

“There were less than 40 victims out of 10,000+ with probably $100 million AUM, also the transaction heuristic doesn’t tell a hack on their site.”

The hack occurred nearly two weeks after the notorious crypto drainer toolkit Angel Drainer came back online, with a new and improved version that has already deployed hundreds of malicious apps.

It is unclear whether the Banana Gun Bot incident was related to Angel Drainer.

Related: Vitalik Buterin sings at Token2049, highlights low L2 fees as ETH milestone

Are Bitcoin ETFs the next major targets for hackers?

North Korean hackers, including the infamous Lazarus Group, may begin targeting larger objectives, including United States-based Bitcoin ( BTC ) exchange-traded funds (ETFs).

Hackers could start shifting their attention to the US Bitcoin ETFs due to the sizable potential bounty, according to Michael Pearl, vice president of GTM strategy at onchain security company Cyvers, who told Cointelegraph:

“Only recently the FBI has issued a warning that North Korean hackers are going to try to infiltrate and steal money from ETFs. So, all those ETFs […] are storing the base Bitcoin somewhere. And you can be certain that somebody is already planning and thinking of how they're going to steal it.”

Cyvers’ Michael Pearl, interview with Cointelegraph’s Zoltan Vardai, clip 1. Source: Cointelegraph


Magazine: 2 auditors miss $27M Penpie flaw, Pythia’s ‘claim rewards’ bug: Crypto-Sec