Bonkbot and Solareum exploited on Solana for more than 500k worth of SOL

Prodigy Trade Bot
Mar 30, 2024

BONKbot, a popular Solana Telegram trading bot, was recently impacted by a possible exploit that resulted in significant financial losses for its users. Cybersecurity firm CertiK estimated that over $208,000 was stolen in the attack.

[Image: original post from BONKbot]

What Happened?

The exact cause of the exploit remains unclear. BONKbot and its users point fingers at different culprits. BONKbot claims the issue stemmed from users exporting their private keys, which were then compromised in another application.

However, some users who did not export keys reported losses, and others who exported keys to seemingly unrelated applications like Sol-Incinerator were also affected.

[Image: X post from a user whose wallet was drained while using BONKbot]

Solareum Under Fire

BONKbot placed blame on a “specific application,” with some users speculating it to be Solareum, a Solana-based project. Solareum denies any wrongdoing and claims the exploit might be wider, impacting other bots and dApps (decentralized applications).

They believe hackers might have stolen the Telegram bot token, gaining access to past messages containing private keys.
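
The risk in this scenario is key material sitting in a bot's chat history or logs. As an added example (not code from BONKbot, Solareum or Prodigy), this Python scrubber shows how a bot operator could redact Solana secret keys from message text before it is logged or stored; the function names and the sample key are constructed for illustration.

```python
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# A 64-byte Solana keypair is 64 to 88 base58 characters (usually 87 or 88).
B58_TOKEN = re.compile(r"(?<![{0}])[{0}]{{64,88}}(?![{0}])".format(B58))
# Keypair files also store the key as a JSON array of 64 byte values.
BYTE_ARRAY = re.compile(r"\[\s*\d{1,3}(?:\s*,\s*\d{1,3}){63}\s*\]")

def b58encode(data):
    """Encode bytes as base58; used here only to build a constructed sample."""
    num, out = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def b58decode(text):
    """Decode base58 (Bitcoin alphabet, as used by Solana) to bytes."""
    num = 0
    for ch in text:
        num = num * 58 + B58.index(ch)
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))  # each leading '1' is a zero byte
    return b"\x00" * pad + body

def find_key_material(message):
    """Return sorted (start, end, kind) spans shaped like Solana secret keys."""
    spans = []
    for m in B58_TOKEN.finditer(message):
        # 32-byte wallet addresses are too short to match. 64-byte transaction
        # signatures have the same shape and are redacted too, which is the
        # safe side for a log scrubber.
        if len(b58decode(m.group())) == 64:
            spans.append((m.start(), m.end(), "base58-keypair"))
    for m in BYTE_ARRAY.finditer(message):
        if all(int(v) <= 255 for v in re.findall(r"\d+", m.group())):
            spans.append((m.start(), m.end(), "json-keypair"))
    return sorted(spans)

def redact(message):
    """Replace detected key material so it never reaches logs or storage."""
    out, last = [], 0
    for start, end, kind in find_key_material(message):
        out.append(message[last:start] + "[REDACTED %s]" % kind)
        last = end
    return "".join(out) + message[last:]

if __name__ == "__main__":
    sample = b58encode(bytes(range(64)))  # constructed, not a real key
    print(redact("my key is " + sample))
```

Redaction only limits what is retained; a key that has already passed through a chat should be treated as exposed and the wallet's funds moved to a new keypair.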

Confusion Reigns Supreme

The incident has caused significant confusion and frustration among users. The number of affected users remains disputed, with BONKbot claiming only 0.1% were impacted, while some users believe the true number is much higher.

Additionally, reports of users being banned from the BONKbot chat for raising concerns further erode trust.

Find more information in this Coinpaper article.

Maestro, Unibot and Banana Gun were also exploited a few months ago

BONKbot isn’t the first bot to be exploited.

We recently saw an exploit on Maestro, another on Unibot, and Banana Gun, which refunded 740 ETH to wallets affected by a vulnerability.

If you are using a trading or sniping bot on Solana, Base, Ethereum or any other chain, it’s important that you use a safe bot and follow some security rules.

Using the right trading bot

Our Telegram bot, Prodigy, has never been exploited and uses top security practices to ensure your funds are safe.

Prodigy Bot leverages robust security measures, and no user exploits have been reported.

Additionally, we do not store any private keys within the bot and allow users to generate a new wallet directly within Prodigy, eliminating the need to connect an existing wallet.

Prodigy bot is also available on 20+ chains with the same security level.

You can try our bot using this link

Securing Yourself While Trading with Bots

Here are some crucial steps to take to improve your security when using trading bots:

  • Never share your private keys: This is the golden rule of crypto security. Private keys grant access to your funds, and if compromised, your holdings can be stolen.
  • Use strong, unique passwords: Avoid using the same password for your bot and exchange accounts. Implement two-factor authentication (2FA) for added protection.
  • Research the bot thoroughly: Choose a reputable bot with a proven track record and a strong security posture.
  • Minimize private key exports: If the bot requires exporting private keys, understand the purpose and only do so if absolutely necessary. Consider alternative bots that don’t require this step.
  • Stay informed: Keep yourself updated on potential security threats and vulnerabilities related to trading bots and the broader crypto ecosystem.

By following these practices, you can significantly reduce the risk of falling victim to similar exploits in the future. Remember, security is your responsibility in the crypto space.

Conclusion

Focus on Security, Not Just Features:

While features are important, prioritize a bot that implements top-tier security measures to protect your valuable assets. Here’s what to look for:

  • Strong Encryption: Ensure the bot uses industry-standard encryption like AES-256 to safeguard your data.
  • Private Key Protection: Look for bots that never store your private keys. Consider those that allow generating new wallets within the platform, eliminating the need to connect an existing wallet.
  • Transparent Security Practices: Reputable bots are transparent about their security measures. Research the bot’s security protocols and look for independent audits if available.

We Can Help:

We understand the importance of security in crypto trading. If you’re looking for a secure option, Prodigy bot offers robust security features.

Remember:

Stay vigilant and conduct your own research before using any trading bot. Security is a shared responsibility.


Prodigy Trade Bot

Prodigy is a Telegram Sniper bot that allows you to trade in a fast, simple, and secure way. Website: https://prodigybot.io/