Hacker Says Money Is Safe After Thunder Terminal $240K Attack
On-chain trading platform Thunder Terminal says user funds are safe after foiling a $240,000 exploit that compromised 114 wallets on its platform. The hacker, however, is demanding more ransom for user information, claiming that “it's all lies.”
In an incident report filed on December 27 following the exploit, Thunder assured users that no private keys or wallets had been compromised. Thunder wrote that the total losses during the attack were 86.5 Ether (ETH) and 439 Solana (SOL) – a total of $240,000 – over nine minutes.
Incident report
At 12:11:47 AM UTC, suspicious withdrawals started sending to Thunder wallets.
A malicious actor gained access to the MongoDB connection URL, which he used to pull session tokens and execute withdrawals on behalf of users.
At 12:20:35 AM UTC, the last…
— Thunder (@ThunderTerminal) December 27, 2023
Thunder explained that the attacker carried out the exploit by accessing a “MongoDB connection URL”. According to the incident report, the MongoDB company was exploited eight days ago, resulting in a Thunder data breach.
Thunder reiterated that only 114 out of 14,000 wallets were breached and that all affected users will receive full refunds as well as 0% fees and $100,000 in platform credits.
No one's private keys were stolen.
Only 114 wallets out of 14,000 were affected.
Money is safe in the future. We stopped the attack in <9 minutes. https://t.co/BPzeAg4cz8
— Thunder (@ThunderTerminal) December 27, 2023
While Thunder assures its users that all their data is safe, a note left by the attacker on Etherscan claims that Thunder's authentication is “all false” and demands a ransom of 50 ETH ($110,000) for the allegedly compromised data.
“We have all user data. 50 ETH and we will delete the data,” the hacker wrote.
Thunder said it would take additional measures to ensure security and was open to negotiating with the hacker to return the stolen funds.
Thunder didn't mention anything about the hackers' ultimatum, but added that since there's no access to users' private keys, there's no way for the exploiter to use it.
Etherscan data shows that the hackers' wallet addresses sent a total of 86.3 ETH to the Railgun protocol, a privacy service that allows users to obscure their transactions.
Thunder Terminal is a trading platform designed for fast trading on multiple blockchain networks including Ethereum, Solana, Avalanche and Arbitrum.
Launched by Eversify Labs in late 2022, the trading platform positions itself as a competitor to Telegram trading bots like Unibot, which gained popularity during the boom in the market for memecoins in the latter half of this year.
Cointelegraph reached out to Thunder Terminal for comment but did not receive an immediate response.