Solana Telegram Trading Bot to Shut Down After Users Drained of $523K

Solana Telegram Trading Platform Forced to Shut Down Following $523K Loss

The creators of Solareum, a Telegram-based trading application for Solana tokens, have announced that they will be shutting down the platform after experiencing a breach that resulted in a loss of approximately $523,000 worth of SOL tokens from user wallets. The exploit affected over 300 Solana users and initially raised suspicions about the popular Telegram trading bot, BONKbot. However, the team behind BONKbot denied any involvement, stating that users impacted by the exploit had already shared their private keys with other applications.

Solareum later acknowledged the possibility of being exploited in a Twitter response, and on Saturday, the team expressed their regret in an announcement on Telegram, explaining that insufficient funds, changing market trends, and the recent security breach had forced them to make the difficult decision to shut down the project. Despite their efforts to seek additional funding and strengthen security measures, the breach compromised the platform’s integrity, leaving them unable to guarantee user safety due to the lack of funds.

While Solareum’s team plans to involve authorities in freezing any stolen cryptocurrency assets that may be sent to centralized exchanges, they have not revealed any plans for compensating affected users. This has led to a wave of demands for answers from users in their Telegram channel, with some even threatening legal action. Decrypt attempted to reach out to Solareum for comment but has not received any response thus far.

Initially, many in the community suspected BONKbot, the largest Telegram trading bot on Solana with over 270,000 claimed users, to be responsible for the exploit. However, the BONKbot team swiftly denied any connection and shared their data, which indicated that the exploit was linked to a specific application where users had exported their private keys. On Monday, BONKbot confirmed that Solareum was indeed the application involved.

According to the BONKbot team, they have been working with the security community to analyze the exploit, and while victims had interacted with various apps and wallets, the correlation pointed to Solareum. However, without access to Solareum’s codebase or logs, their analysis remains probabilistic rather than deterministic. It is still uncertain whether the breach was external or an internal drain, so the BONKbot team refrained from accusing anyone publicly.

This incident underscores the importance of security measures in crypto trading platforms and the need for user vigilance in safeguarding their private keys.