Thunder Terminal Hack

On December 27, 2023, Thunder Terminal, an on-chain trading platform, suffered an exploit that compromised 114 out of 14,000 wallets, resulting in the theft of approximately $240,000 in assets (86.5 ETH and 439 SOL).

The attack, which lasted nine minutes, stemmed from a third-party breach of a MongoDB connection URL, exploited eight days prior, allowing the attacker to access session tokens and execute unauthorized withdrawals.

Thunder Terminal reported that no private keys were compromised and swiftly halted the attack. The platform committed to fully refunding affected users, offering 0% fees and $100,000 in platform credits.

However, the hacker disputed Thunder’s claims via a memo on Etherscan, asserting they held user data and demanding a 50 ETH ($110,000) ransom for its deletion.

Thunder denied the hacker’s access to private keys and expressed openness to negotiate the return of stolen funds. The stolen ETH was traced to the Railgun protocol, which anonymizes transactions.

The incident highlighted vulnerabilities in third-party integrations and the growing audacity of cybercriminals, prompting Thunder to bolster security measures while reinforcing the need for robust data protection in multi-chain trading platforms.