A massive security breach occurred on an on-chain trading platform known as Thunder Terminal. The exploit resulted in unauthorized access to 114 of the more than 14,000 wallets connected to the network. The total loss amounted to 86.5 Ether and 439 Solana, equivalent to approximately $240,000. According to reports, the attack, which lasted just 9 minutes, occurred when a third-party service used by Thunder Terminal was hacked.
The attack began via a suspicious withdrawal from a Thunder wallet during the period 12:11:47 UTC. The attackers were able to gain access to the MongoDB connection URL, which allowed them to perform withdrawals using session tokens. At Thunder Terminal know well Users whose private keys or wallets have not been directly compromised, despite the severity of the situation. Direct access to user wallets, especially desktop wallets, was impossible because the platform’s architecture does not maintain private keys.
In direct response to the security breach, Thunder Terminal made urgent efforts to curb the exploit. After the illegal activity was discovered, they stopped it within nine minutes and told consumers that all incorrect payments would be reimbursed in full. Affected customers will also be offered a compensation package consisting of 0% commission and $100,000 in platform credit. At the same time, Thunder Terminal is in the process of contacting the Federal Bureau of Investigation and adopting additional security measures, including two-factor authentication for withdrawals.
Contrary to the promises provided by Thunder Terminal, a statement has been released by the hacker questioning the safety of user information. To delete all user data, they demanded a ransom of 50 ether, equivalent to about $100,000. The hackers’ demands and claims have increased the complexity of the incident, raising questions about the scope of the data breach.
Additionally, Thunder Terminal stated that, although discussions are open for user restoration, it will take legal action to the fullest extent of the U.S. court system if users do not comply with its demands. money. The proactive approach taken by the platform in both the security and legal spheres demonstrates its commitment to protecting users and implementing ethical procedures in the face of cybersecurity vulnerabilities.
Image source: Shutterstock