Thunder Terminal, an on-chain trading platform, recently faced a serious security incident when it admitted that a third-party compromise resulted in a $240,000 exploit across 114 wallets. Despite Thunder’s assurances that user funds are now safe, the hackers responsible dispute this, calling it “all lies” and demanding an additional ransom for user data.
In an incident report published on December 27, Thunder Terminal stated that the exploit resulted in a total loss of 86.5 Ether and 439 Solana in just 9 minutes. Attackers exploited Thunder’s data breach, which occurred eight days before MongoDB was targeted, to gain unauthorized access via a compromised “MongoDB connection URL.”
Thunder Terminal highlighted that only 114 out of 14,000 wallets were compromised, and promised full refunds to affected users, along with 0% fees and $100,000 in platform credit. The platform claimed that no private keys or wallets were compromised.
Contrary to Thunder’s assurances, the attacker left a note on Etherscan disputing the platform’s claims. Calling them “all lies” and demanding a ransom of 50 ETH ($110,000) for the data supposedly affected, the note said: “We have all your data. 50 ETH and we will delete it.”
Thunder has expressed a willingness to strengthen security measures and to negotiate for the return of stolen funds, but it has not directly addressed the hackers’ ultimatum. Thunder made it clear that it lacked access to users’ private keys and refuted the possibility of an exploiter gaining such access.
Etherscan data revealed the hacker’s wallet address sending 86.3 ETH to the Railgun protocol, a service that facilitates transaction anonymization. Launched in late 2022 by Eversify Labs, Thunder Terminal specializes in rapid transactions across multiple blockchain networks, including Ethereum, Solana, Avalanche, and Arbitrum.