In a recent incident, Thunder Terminal, the on-chain trading platform, successfully thwarted an exploit that compromised 114 wallets, resulting in losses of $240,000. The attacker, however, has disputed Thunder’s claims of user data safety, demanding a ransom for the purportedly affected information.
The exploit and losses
On December 27, Thunder Terminal issued an incident report revealing that it had suffered an exploit leading to the compromise of 114 user wallets. The attacker managed to execute unauthorized withdrawals, resulting in a total loss of 86.5 Ether and 439 Solana, equivalent to $240,000, all within just nine minutes.
According to Thunder’s incident report, the breach occurred due to an attacker gaining access to a “MongoDB connection URL,” which subsequently allowed them to initiate these unauthorized transactions. The breach itself was linked to an exploitation of MongoDB that transpired eight days before the incident.
Thunder Terminal’s response
Despite the breach, Thunder Terminal sought to reassure its users, emphasizing that no private keys or wallets had been compromised. The platform pledged to fully refund all affected users, providing them with 0% fees and $100,000 in platform credits as a goodwill gesture.
Thunder also stressed that the exploit affected only a small fraction of its user base, specifically 114 out of 14,000 wallets. The company affirmed its commitment to security and announced its intention to take extra precautions to safeguard user funds in the future.
Hacker’s ultimatum and counterclaims
However, tensions escalated as the attacker contradicted Thunder’s assurances. In a message on Etherscan, the hacker declared that Thunder’s statements were “all lies” and demanded a ransom of 50 ETH, equivalent to $110,000, for the allegedly compromised user data. The message conveyed that the attacker possessed all the user data and would delete it upon receiving the ransom.
While not directly addressing the hacker’s request in its official response, Thunder Terminal reaffirmed that it could not access users’ private keys. This statement implied that there should be no way for the attacker to access such sensitive information.
Security measures and negotiations
Thunder Terminal is taking proactive steps to enhance its security infrastructure in light of the incident. The platform has expressed willingness to negotiate with the hacker to facilitate the return of the stolen funds, demonstrating its commitment to resolving the situation amicably.
Etherscan data indicates that the hacker has initiated transfers of the stolen assets, with 86.3 ETH being sent to the Railgun protocol, a service known for anonymizing transactions on the blockchain.
Thunder Terminal, launched by Eversify Labs in late 2022, is a trading platform tailored for swift transactions across various blockchain networks, including Ethereum, Solana, Avalanche, and Arbitrum. Positioned as a competitor to popular Telegram trading bots like Unibot, Thunder Terminal entered the market amid a surge in demand for meme coins in the latter part of the year.
