Thunder Terminal States No Wallets Were Compromised After 86.5 ETH Hack; Hacker Claims ‘All Lies’

Published: Dec 27, 2023
Written By:
Vignesh Karunanidhi
Milk Road Writer

On-chain trading platform Thunder Terminal suffered an exploit resulting in at least $100,000 worth of stolen Ethereum and Solana. The breach enabled bad actors to hijack user session tokens and initiate unauthorized withdrawals.

  • Hackers access Thunder MongoDB and steal session tokens.
  • Fake ETH and SOL withdrawals initiated; $100K+ lost.
  • Thunder promises refunds, 2FA, and legal action against perpetrators.
  • The team believes the hack is linked to the recent MongoDB provider compromise.

According to an incident report posted on Twitter, the first illicit transfers happened shortly after midnight UTC on Thursday, at around 12:11:47 AM. Following the incident, Thunder revoked all session tokens and transaction signing abilities to halt further losses.

Over 86 ETH and 439 SOL were confirmed drained, though the losses only impacted less than 1% of platform wallets not utilizing cold storage security. No private keys or other user data were accessed in the attack, according to the report.

Thunder Ruled Out Inside Job

Thunder pinned the exploit vector on a recent security breach at MongoDB, a database provider it relies on for authentication services. Hackers leaked MongoDB credentials eight days ago in a separate server infiltration, enabling access to Thunder’s systems.

An internal compromise was ruled out. The speedy response and transparency proved wise as news spread rapidly on crypto channels. On-chain sleuth ZachXBT highlighted the suspicious activity on his Telegram channel while the attack played out.

In response, Thunder said it revoked all legacy tokens and connection URLs while restricting future database access solely from its servers. User funds will be restored in full, accompanied by trading fee waivers and account credits.

Plans are already underway to bolster security moving forward, including:

  • Mandatory 2FA for withdrawals
  • Legal pursuit of the hackers with authorities
  • Technical audits across infrastructure

[Image: Thunder hacker. Source: Etherscan]

The exploiter referred to Thunder’s X posts as “all lies,” as highlighted in an on-chain note by ZachXBT. The address associated with the attacker claimed to possess all user data and suggested that the data could be deleted for a payment of 50 ETH.

Vignesh Karunanidhi

Vignesh has been a seasoned professional in the crypto space since 2017. He has been writing for over 6 years and specializes in writing and editing various types of crypto content, including news articles, long-form pieces, and blog posts, all focused on sharing the beauty of blockchain and crypto.