Thunder Terminal Faces Security Compromise: $240,000 Worth of Cryptocurrency Stolen
Introduction
Recently, a major security breach occurred on the on-chain trading platform, Thunder Terminal. The breach resulted in the illegal access of 114 wallets out of the 14,000 connected to its network. The attackers managed to steal 86.5 Ether and 439 Solana, equivalent to approximately $240,000. The breach was caused by a hack on a third-party service utilized by Thunder Terminal. In this article, we will delve into the details of the incident and the steps taken by Thunder Terminal to address the issue.
The Security Breach
At 12:11:47 UTC, suspicious withdrawals were initiated from Thunder wallets, signaling the start of the exploit. The attacker gained access to a MongoDB connection URL, which enabled them to carry out withdrawals using session tokens. Thunder Terminal has assured its users that their private keys and wallets were not directly compromised due to the platform’s architecture, which does not retain private keys. Direct access to user wallets, especially desktop wallets, was not possible.
Containment and Compensation
As soon as Thunder Terminal discovered the illicit actions, they swiftly halted them within nine minutes. The platform reassured its users that any lost payments would be fully reimbursed. In addition, those affected will receive a compensation package consisting of 0% fees and $100,000 in platform credits. Thunder Terminal is also working closely with the Federal Bureau of Investigation and implementing additional security measures, such as two-factor verification for withdrawals.
Hacker’s Demands
The hacker released a statement questioning the safety of user information, contradicting Thunder Terminal’s claims. They demanded a ransom of fifty ether (around $110,000) to delete all user data. This demand and allegation have added complexity to the case, raising concerns about the extent of the data breach.
Legal Measures and User Protection
Thunder Terminal has stated its intention to take legal action to the fullest extent of the United States court system if the hacker does not comply with their demands. However, the platform remains open to discussions for the recovery of user funds. The proactive approach taken by Thunder Terminal in both the security and legal domains demonstrates its commitment to user protection and the implementation of ethical procedures in response to cybersecurity vulnerabilities.
Image source: Shutterstock