- Thunder Terminal has been exploited for thousands of dollars.
- The platform claimed to have thwarted the attack.
- The attacker’s counterclaims and ultimatum suggested otherwise.
On-chain trading platform Thunder Terminal claims to have thwarted a recent exploit that compromised some of its user wallets and led to a loss of thousands of dollars. Yet, the hacker still demanded a ransom payment.
On December 27, Thunder Terminal issued an alert on X (Twitter), confirming that it had been exploited via a compromised third-party service, which later turned out to be a MongoDB connection URL.
Thunder Terminal Stops the Attack in “Nine Minutes,” Reassures Users of Safety
In a follow-up update, the platform stated that it had stopped the attack in less than nine minutes and reiterated that user funds were safe going forward.
No one's private keys are compromised.
Only 114 wallets out of over 14,000 were affected.
Funds are safe going forward. We stopped the attack in <9 minutes. https://t.co/BPzeAg4cz8
— Thunder (@ThunderTerminal) December 27, 2023
Two hours after the attack, Thunder Terminal sought to reassure its users of the platform’s safety in a detailed incident report, clarifying that no private keys nor wallets had been compromised following the hack.
“We do not store any private keys, so the attacker does not have access to any wallets. Desktop wallets were not affected. Less than 1% of wallets on our platform were affected as a result of this attack,” the report read.
Confirming that 86.5611512804 ETH and 439.12232317 SOL (about $240,0000) had been lost in the attack, the platform promised the affected users full refunds on top of 0% fees and $100k in credits each.
But despite the reassurance, Thunder Terminal users were confused when the attacker issued counterclaims to the incident report and claimed access to user data.
Attacker’s Ultimatum and Counterclaims
The attacker left a message on Etherscan disputing Thunder Terminal’s reassurances as “all lies” and demanding 50 ETH ransom to delete “all the user data.”
While Thunder Terminal has yet to respond to the attacker’s demands, blockchain detective ZachXBT revealed that the bad actor transferred 86.5 ETH (approximately $192,500) to Railgun. This privacy-centric protocol allows users to swap crypto and make private transactions anonymously.
Read how the Telcoin App was recently exploited:
Telcoin App Suffers $1.3M Exploit, TEL Token Plunges 48%
Stay updated on the top 2023 crypto hacks:
Biggest Crypto Hacks of 2023 Resulted in Over 70% of Losses
Related articles
What Is EVM Parallelization, and Why Is It Driving Sei Hype?
Whales Flip 95M SOL, MATIC, Challenging Market Correction
