Thunder Terminal successfully thwarted a $240,000 exploit targeting 114 wallets, ensuring user funds’ security. The incident involved an attacker gaining access to a MongoDB connection URL, executing withdrawals on behalf of users.
The on-chain trading platform Thunder Terminal successfully thwarted a $240,000 exploit that targeted 114 wallets on its platform, assuring users that their funds are secure. Despite this, the hacker refutes the claims, labeling them as “all lies” and is now demanding an additional ransom for user data.
According to Thunder’s incident report on December 27, no private keys or wallets were compromised during the exploit. The total losses from the attack amounted to 86.5 Ether (ETH) and 439 Solana (SOL), equivalent to $240,000, transpiring over a brief nine-minute period.
Thunder Terminal, introduced by Eversify Labs in late 2022, stands as a trading platform tailored for swift transactions across multiple blockchain networks, including Ethereum, Solana, Avalanche, and Arbitrum. The platform positions itself as a contender against Telegram trading bots like Unibot.
The incident report revealed that the exploit occurred when an attacker obtained access to a “MongoDB connection URL,” enabling them to execute withdrawals on behalf of users. The compromise stemmed from the exploitation of MongoDB’s system eight days prior, leading to a breach in Thunder’s data. Thunder emphasized that only 114 wallets out of 14,000 stands impacted, assuring affected users of full refunds, along with additional benefits such as 0% fees and $100,000 in platform credits.
Incident Report
At 12:11:47 AM UTC, suspicious withdrawals started getting sent through Thunder wallets.
A malicious actor got access to a MongoDB connection URL which they used to pull session tokens and execute withdrawals on behalf of users.
At 12:20:35 AM UTC, the last…
— Thunder (@ThunderTerminal) December 27, 2023
The Hacker Makes Big Claims
Despite Thunder’s assurance of user data safety, a message from the attacker on Etherscan contradicted this, alleging that Thunder’s statements were “all lies.” The hacker claimed to possess all user data and demanded a 50 ETH ($110,000) ransom for its deletion. Etherscan data indicated that the hackers’ wallet sent 86.3 ETH to the Railgun protocol for anonymizing transactions.
While Thunder did not directly address the ransom demand, it emphasized its lack of access to users’ private keys, refuting the possibility of the exploiter gaining such access. Thunder committed to enhancing security measures and expressed openness to negotiations with the hacker for the return of the stolen funds.
In another development, the decentralized finance (DeFi) platform Telcoin has encountered a $1.3 million exploit attributed to issues with the proxy implementation of the wallet on Polygon.
Telcoin stated:
“We plan to restore all wallets to their previous balances (for all affected assets) prior to turning the app service back on, which may take some time. No keys, backend systems, or user data were breached. We will provide another update soon and appreciate everyone’s patience and support.”
Blockchain security firm PeckShield estimates that the hackers managed to pilfer approximately $1.3 million worth of crypto through the exploit. The provided screenshot indicates a nearly 37% drop in the price of TEL over the past 24 hours.