Banana Gun: Telegram Message Oracle Vulnerability

Banana Gun's Telegram oracle was exploited to manually drain $3M from 11 high-profile crypto traders in a surgical, real-time attack across Ethereum and Solana.

Occurred 2024-09-19 Loss $3M Status closed

Summary #

Banana Gun suffered a Trading Bot / Telegram Bot Infrastructure on 2024-09-19, resulting in a loss of approximately $3M.

What happened #

Banana Gun's Telegram oracle was exploited to manually drain $3M from 11 high-profile crypto traders in a surgical, real-time attack across Ethereum and Solana.

Linked factors #

RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited (off-chain component)]
RD-F-099 — illustrative : Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — the Telegram message oracle itself was the attack surface]