Thunder Terminal Has Been Hacked, $240,000 Worth Of ETH And SOL Lost
Latest News News

Thunder Terminal Has Been Hacked, $240,000 Worth Of ETH And SOL Lost

  • Thunder Terminal has been hacked
  • 114 wallets were attacked, Ethereum and Solana worth $240,000 were lost.
  • However, the trading platform claimed that users’ funds are safe but the hacker disputed the claim.
  • Thunder promises refunds, boosts security, and negotiates with the attacker.

In a recent incident, Thunder Terminal, the on-chain trading platform, claimed to have successfully thwarted an exploit that compromised 114 wallets, resulting in losses of $240,000. 

The attacker, however, has disputed Thunder’s claims of user data safety, demanding a ransom for the purportedly affected information. 

The Exploit And Losses

On December 27, Thunder Terminal issued an incident report revealing that it had suffered an exploit leading to the compromise of 114 user wallets. 

The attacker managed to execute unauthorized withdrawals, resulting in a total loss of 86.5 Ether and 439 Solana, equivalent to $240,000, all within just nine minutes.

According to Thunder’s incident report, the breach occurred due to an attacker gaining access to a “MongoDB connection URL,” which subsequently allowed them to initiate these unauthorized transactions. 

The breach itself was linked to an exploitation of MongoDB that transpired eight days before the incident.

Thunder Terminal’s Response

Despite the breach, Thunder Terminal sought to reassure its users, emphasizing that no private keys or wallets had been compromised. 

The platform pledged to fully refund all affected users, providing them with 0% fees and $100,000 in platform credits as a goodwill gesture.

Thunder also stressed that the exploit affected only a small fraction of its user base, specifically 114 out of 14,000 wallets. The company affirmed its commitment to security and announced its intention to take extra precautions to safeguard user funds in the future.

See Also: Watch Out: Crypto Thieves Will Deploy More Convincing AI Scams In 2024

Hacker’s Ultimatum And Counterclaims

However, tensions escalated as the attacker contradicted Thunder’s assurances. In a message on Etherscan, the hacker declared that Thunder’s statements were “all lies” and demanded a ransom of 50 ETH, equivalent to $110,000, for the allegedly compromised user data. 

The message conveyed that the attacker possessed all the user data and would delete it upon receiving the ransom.

While not directly addressing the hacker’s request in its official response, Thunder Terminal reaffirmed that it could not access users’ private keys. This statement implied that there should be no way for the attacker to access such sensitive information.

Security Measures And Negotiations

Thunder Terminal is taking proactive steps to enhance its security infrastructure in light of the incident. 

The platform has expressed willingness to negotiate with the hacker to facilitate the return of the stolen funds, demonstrating its commitment to resolving the situation amicably.

Etherscan data indicates that the hacker has initiated transfers of the stolen assets, with 86.3 ETH being sent to the Railgun protocol, a service known for anonymizing transactions on the blockchain.

Thunder Terminal, launched by Eversify Labs in late 2022, is a trading platform tailored for swift transactions across various blockchain networks, including Ethereum, Solana, Avalanche, and Arbitrum. 

Positioned as a competitor to popular Telegram trading bots like Unibot, Thunder Terminal entered the market amid a surge in demand for meme coins in the latter part of the year.

Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Crypto is not a legal tender and is subject to market risks. Readers are advised to seek expert advice and read offer document(s) along with related important literature on the subject carefully before making any kind of investment whatsoever. Crypto market predictions are speculative and any investment made shall be at the sole cost and risk of the readers.