Multichain trading platform Thunder Terminal was hit by an attack after malicious actors gained access to its MongoDB connection.
In an X post on December 27, Thunder Terminal acknowledged the breach, stating that hackers were able to access the MongoDB connection URL.
This access allowed the attacker to retrieve the session token and execute a withdrawal on the user’s behalf.
Thunder Terminal said the attack ended at 12:20 a.m. UTC on December 27 after all session tokens and transaction signing access were revoked for security reasons.
Although Thunder Terminal assured users that no private keys or wallets were compromised, the team admitted that “less than 1% of wallets” were affected. The attack reportedly resulted in funds being stolen from at least 114 wallets.
“This attack occurred through a withdrawal request from a server that was deemed authorized due to a session token leak. We do not store your private keys, so attackers cannot access your wallet. Desktop wallets were not affected.”
Thunder Terminal
As of press time, it is unclear exactly how the hackers gained access to the project’s database. Thunder Terminal suggests the hack may be linked to an incident involving New York-based MongoDB. In mid-December, MongoDB detected “suspicious activity” on its network and later confirmed that hackers had infiltrated its systems “for a period of time before being discovered.”
According to blockchain sleuth Zach The project also revealed that hackers stole more than 439 SOL (about $49,160).
Initially, Thunder Terminal said the attack involved compromise of a third-party provider. The team also added that “the funds are safe” and that “refunds will be processed soon.”
However, shortly after this post, the hacker released a blockchain-based statement accusing the Thunder team of lying and threatening to release all user data unless the project paid 50 ETH as a ransom.
Launched in late 2022, Thunder Terminal is a multi-chain trading platform that supports Ethereum, Solana, Avalanche, and other networks.