Thunder Terminal claims funds safe after $240K attack, hacker says otherwise

    2023.12.27 | exchangesranking | 77onlookers

    On-chain trading platform Thunder Terminal says user funds are now safe after thwarting a $240,000 exploit that compromised 114 wallets on its platform. The hacker, however, says it’s "all lies" and is demanding an additional ransom for user data. 

    In a Dec. 27 incident report following the exploit, Thunder assured users that no private keys or wallets had been compromised. Thunder wrote that the total losses incurred during the attack amounted to 86.5 Ether (ETH) and 439 Solana (SOL) — totaling $240,000 — over just nine minutes.

    It stated the exploit resulted from an attacker gaining access to a “MongoDB connection URL,” which allowed the exploiter to execute withdrawals on behalf of users. According to the incident report, the MondoDB company was exploited eight days ago, resulting in a breach of Thunder’s data. 

    Thunder reiterated that only 114 out of 14,000 wallets had been compromised and that all affected users would be refunded fully as well as awarded 0% fees and $100,000 in platform credits. 

    While Thunder reassured its users that all their data was safe, a memo left by the attacker on Etherscan said otherwise, with the exploiter claiming that Thunder's assurances were “all lies,” and demanded a 50 ETH ($110,000) ransom for the supposedly affected data. 

    "We have all the user data. 50 ETH and we will delete the data," wrote the hacker.

    Thunder said it would be taking extra steps to ensure security and remained open to negotiations with the hacker to have the stolen funds returned. 

    While Thunder did not make any mention of the hackers' ultimatum, it added that it does not have access to users' private key, so there would be no way for the exploiter to have gained access to them.

    Related: Crypto thieves will deploy more convincing AI scams in 2024, firms warn

    Etherscan data shows that hackers' wallet address sending a total of 86.3 ETH to the Railgun protocol, a service that allows users to anonymize their transactions. 

    Thunder Terminal is a trading platform specifically designed for quick trades across several blockchain networks including Ethereum, Solana, Avalanche and Arbitrum.

    Launched by Eversify Labs in late 2022, the trading platform positions itself as a competitor to Telegram trading bots such as Unibot, which gained massively in popularity in the latter half of this year amid a marketwide frenzy for memecoins. 

    Cointelegraph contacted Thunder Terminal for comment but did not receive an immediate response. 

    Magazine: DeFi’s billion-dollar secret: The insiders responsible for hacks

    The content on this website comes from the Internet. Due to the inconvenience of proofreading the authenticity and accuracy of the copyright or content of some content, it may be temporarily impossible to confirm the authenticity and accuracy of the copyright or content. For copyright issues or other ssues caused by this, please Call or email this site. It will be deleted or changed immediately after verification.