On-chain trading platform Thunder Terminal recently faced a security breach, resulting in the compromise of 114 wallets and a loss of approximately $240,000. The platform, however, has assured its users that their funds are now secure following the incident.
The exploit, which occurred on December 27, led to the loss of 86.5 Ether (ETH) and 439 Solana (SOL), valued at around $240,000. Thunder Terminal reported that the attack lasted just nine minutes and was due to an attacker gaining access to a MongoDB connection URL. This access enabled the attacker to execute unauthorized withdrawals from user accounts. Thunder Terminal linked this vulnerability to a breach at MongoDB eight days prior, which compromised their data.
Despite the breach, Thunder Terminal emphasized that no private keys or wallets were directly compromised. They assured their 14,000 users that only 114 wallets were affected and pledged to fully refund those impacted. Additionally, the affected users were promised 0% fees and $100,000 in platform credits.
However, the attacker disputed Thunder Terminal’s claims in a message left on Etherscan, alleging that Thunder’s statements were “all lies.” The hacker demanded a ransom of 50 ETH (approximately $110,000) in exchange for the supposedly stolen user data, claiming to possess all the user data and threatening to delete it upon payment.
In response to the incident, Thunder Terminal has committed to enhancing its security measures and expressed willingness to negotiate with the hacker for the return of the stolen funds. The platform also clarified that it does not have access to users’ private keys, suggesting that the hacker could not have accessed them either.
Etherscan data revealed that the hacker’s wallet address transferred a total of 86.3 ETH to the Railgun protocol, a service that enables users to anonymize their transactions.
Thunder Terminal, launched by Eversify Labs in late 2022, is designed for rapid trading across multiple blockchain networks, including Ethereum, Solana, Avalanche, and Arbitrum. It emerged as a competitor to popular Telegram trading bots like Unibot, especially during the heightened interest in memecoins in the latter half of the year.
Cointelegraph reached out to Thunder Terminal for further comments but had not received a response at the time of the report.
Get $200 Free Bitcoins every hour! No Deposit No Credit Card required. Sign Up