Thunder Terminal, an on-chain crypto trading platform, experienced a security exploit today, resulting in the loss of 86.5 ETH (roughly $192,000) and 439 SOL (around $47,800). However, the platform assured that no private keys were compromised, and it has taken steps to secure users’ funds.
According to Thunder Terminal’s statement on X (formerly Twitter), the incident affected only 114 out of more than 14,000 wallets on the platform. The company confirmed that funds are secure moving forward and claimed to have halted the attack in under nine minutes. They also plan to refund all lost funds in full and offer affected users 0% fees and $100,000 in credits each.
The attacker, however, disputed Thunder Terminal’s claims in an on-chain note, alleging that they possess user data and demanding a ransom of 50 ETH for its deletion. This claim adds a layer of complexity to the incident, raising concerns about the safety of user data.
Thunder Terminal’s incident report identified the cause of the exploit as unauthorized withdrawal requests, which were processed because session tokens had leaked. The attacker obtained a MongoDB connection URL and used it to pull the tokens and carry out the withdrawals.
At 12:11:47 AM UTC, suspicious withdrawals started getting sent through Thunder wallets.
A malicious actor got access to a MongoDB connection URL which they used to pull session tokens and execute withdrawals on behalf of users.
At 12:20:35 AM UTC, the last…
— Thunder (@ThunderTerminal) December 27, 2023
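The report describes session tokens being read from the database and replayed. As an added illustration (not Thunder Terminal's code; the class, schema and TTL are hypothetical, and the report does not say how the platform stored its tokens), this sketch keeps only SHA-256 digests of tokens server-side, so values read from the store cannot be presented as valid sessions, and includes the bulk revocation used to cut off live sessions during an incident:

```python
import hashlib
import secrets
import time


class SessionStore:
    """In-memory stand-in for a sessions collection (hypothetical schema)."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self.rows = {}  # token digest -> {"user": ..., "expires": ...}

    @staticmethod
    def _digest(token):
        # Tokens carry 256 bits of entropy, so a plain fast hash is enough;
        # no salt or slow KDF is needed as it would be for passwords.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # raw token goes to the client only
        self.rows[self._digest(token)] = {"user": user, "expires": now + self.ttl}
        return token

    def authenticate(self, presented, now=None):
        now = time.time() if now is None else now
        row = self.rows.get(self._digest(presented))
        if row is None or row["expires"] <= now:
            return None
        return row["user"]

    def revoke_all(self):
        """Incident response: invalidate every live session at once."""
        count = len(self.rows)
        self.rows.clear()
        return count


def demo():
    # Constructed scenario: one session, then a full read of the store.
    store = SessionStore()
    token = store.issue("alice", now=1000)
    leaked = list(store.rows)  # what someone with database read access sees
    return {
        "owner": store.authenticate(token, now=1001),
        "replayed_leak": [store.authenticate(v, now=1001) for v in leaked],
        "expired": store.authenticate(token, now=1000 + 901),
        "revoked": store.revoke_all(),
        "after_revoke": store.authenticate(token, now=1001),
    }
```

Digest-only storage limits what read access yields; a connection URL that also grants write access would still need to be contained by credential rotation and network restrictions on the database.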
Introduced by Eversify Labs in late 2022, Thunder Terminal is designed for quick transactions across multiple blockchain networks, including Ethereum, Solana, Avalanche, and Arbitrum. It positions itself as an alternative to Telegram trading bots like Unibot.
The incident underscores the ongoing cybersecurity challenges faced by on-chain trading platforms and the importance of robust security measures in the rapidly evolving cryptocurrency sector. Thunder Terminal’s prompt response and commitment to refunding affected users highlight the platform’s efforts to maintain user trust and security in the wake of the exploit.