Solareum, a Telegram trading bot for trading Solana-based tokens, recently announced its closure after an exploit resulted in the theft of over 2,000 Solana (SOL) tokens from users’ wallets. The developers cited insufficient funds, evolving market trends, and a recent security breach as the reasons for the shutdown. The team highlighted that they could no longer ensure the safety of users due to the lack of funds and unsuccessful attempts to secure additional funding following the exploit. The Telegram trading bot lost over 2,800 SOL tokens totaling an estimated $523K from 302 Solana users due to an alleged leak of private keys that enabled wallet drainers to steal the tokens.
Following the exploit, BONKbot, the largest Telegram trading bot on Solana, was initially suspected to be behind the attack as it recorded 113 victims from the compromised wallet addresses. However, the security team behind BONKbot refuted these allegations, stating that all affected users had previously exported and utilized their private keys on a Telegram bot, later clarified to be Solareum. The team behind BONKbot denied any involvement and maintained that their platform was safe, pointing out that the exploit was occurring elsewhere in the ecosystem, with user accounts being drained after they exported their private keys.
In response to the allegations of an exit scam, the Solareum team clarified that they do not steal money and that the drained wallets were part of a widespread exploit affecting other bot projects and DApps. This incident is not the first time Solana-based wallets have been targeted by hackers, as previous phishing attacks in January and hacking incidents in October 2023 resulted in millions of dollars’ worth of assets being stolen. The Solareum team has since collaborated with authorities to freeze stolen assets if they are transferred to centralized exchanges and has urged users to retrieve any relevant data or assets promptly as they wind down their services.
Despite the collaboration with authorities, there has been no mention of a compensation plan for affected users, leading to concerns among victims who are contemplating legal action if Solareum fails to address reimbursements. The lack of clarity on whether the exploit was an external breach or an internal move to rugpull customers further complicates the situation. It is crucial for users to exercise caution and protect their private keys when using Telegram trading bots to mitigate the risks of potential exploits and thefts. As the investigation into the security breach continues, affected users will need to stay informed about any developments regarding the recovery of stolen funds and potential compensations.