Thunder Terminal Faces $240,000 Loss in On-chain Trading Platform Exploit

Key takeaways:

  • The on-chain trading platform Thunder Terminal was hit by a security breach.
  • The platform lost 86.5 Ethereum (ETH) valued at $192,000.
  • According to the platform, no private keys or wallets were compromised.

In a recent security breach, Thunder Terminal, an onchain trading platform, experienced a significant loss of approximately $240,000 as a hacker exploited vulnerabilities to withdraw SOL and ETH from more than 100 user wallets.

The incident was acknowledged by Thunder Terminal in a post on December 27, revealing that the breach occurred through unauthorized access to a MongoDB connection URL.

The attacker utilized this access to retrieve session tokens, enabling them to execute withdrawals on behalf of users. The attack concluded at 12:20 AM UTC on December 27, after Thunder Terminal took immediate action by revoking all session tokens and transaction signing access for security reasons.

In an incident report issued on the same day, Thunder Terminal reassured users that no private keys or wallets had been compromised. The total losses incurred during the exploit amounted to 86.5 Ether and 439 Solana, totaling $240,000, within a brief nine-minute timeframe.

Contrary to initial statements assuring the security of funds and the imminent reimbursement of stolen funds, Thunder Terminal later issued a new statement emphasizing that “No one’s private keys are at risk.” The statement clarified that only 114 out of more than 14,000 wallet addresses were affected, and funds were secure moving forward.

Thunder Terminal detailed the attack’s mechanism in a subsequent post, explaining that no private keys were stored on the platform. The attacker gained access through withdrawal requests the server considered authorized due to leaked session tokens. 

The platform emphasized that desktop wallets remained unaffected.

Blockchain sleuth ZachXBT reported that the attacker transferred 86.5 ETH (worth approximately $192,500) to Railgun, a privacy-focused protocol enabling anonymous cryptocurrency swaps and private transactions. Additionally, over 439 SOL (around $49,160) were stolen in the attack.

Initially attributing the attack to a compromise of its third-party provider, Thunder Terminal assured users that funds were safe and refunds would be processed shortly.

However, the hacker contradicted these claims by sending an onchain message, alleging that the Thunder team was lying and asserting possession of all user data, which would be deleted upon receiving 50 ETH.

As of now, Thunder Terminal has not officially responded to the hacker’s message. The team has reported the incident to the FBI and expressed a willingness to negotiate with the exploiter for the return of user funds. Otherwise, they are prepared to pursue legal action to the fullest extent of the US judicial system.

Aadrika Sharma