On-chain trading platform Thunder Terminal says user funds are now safe after thwarting a $240,000 exploit that compromised 114 wallets on its platform. The hacker, however, says it’s "all lies" and is demanding an additional ransom for user data.
In a Dec. 27 incident report following the exploit, Thunder assured users that no private keys or wallets had been compromised. Thunder wrote that the total losses incurred during the attack amounted to 86.5 Ether (ETH) and 439 Solana (SOL) — totaling $240,000 — over just nine minutes.
Incident Report
— Thunder (@ThunderTerminal) December 27, 2023
At 12:11:47 AM UTC, suspicious withdrawals started getting sent through Thunder wallets.
A malicious actor got access to a MongoDB connection URL which they used to pull session tokens and execute withdrawals on behalf of users.
At 12:20:35 AM UTC, the last…
It stated the exploit resulted from an attacker gaining access to a “MongoDB connection URL,” which allowed the exploiter to execute withdrawals on behalf of users. According to the incident report, the MongoDB company was exploited eight days ago, resulting in a breach of Thunder’s data.
Thunder reiterated that only 114 out of 14,000 wallets had been compromised and that all affected users would be refunded fully as well as awarded 0% fees and $100,000 in platform credits.
No one's private keys are compromised.
— Thunder (@ThunderTerminal) December 27, 2023
Only 114 wallets out of over 14,000 were affected.
Funds are safe going forward. We stopped the attack in https://t.co/BPzeAg4cz8
While Thunder reassured its users that all their data was safe, a memo left by the attacker on Etherscan said otherwise, with the exploiter claiming that Thunder's assurances were “all lies” and demanding a 50 ETH ($110,000) ransom for the supposedly affected data.
"We have all the user data. 50 ETH and we will delete the data," wrote the hacker.
Thunder said it would be taking extra steps to ensure security and remained open to negotiations with the hacker to have the stolen funds returned.
While Thunder did not make any mention of the hacker's ultimatum, it added that it does not have access to users' private keys, so there would be no way for the exploiter to have gained access to them.
Etherscan data shows the hacker's wallet address sending a total of 86.3 ETH to the Railgun protocol, a service that allows users to anonymize their transactions.
Thunder Terminal is a trading platform specifically designed for quick trades across several blockchain networks including Ethereum, Solana, Avalanche and Arbitrum.
Launched by Eversify Labs in late 2022, the trading platform positions itself as a competitor to Telegram trading bots such as Unibot, which gained massively in popularity in the latter half of this year amid a marketwide frenzy for memecoins.
Cointelegraph contacted Thunder Terminal for comment but did not receive an immediate response.