Thunder Terminal Hacked: $240,000 Stolen in MongoDB Breach

Cryptocurrency trading platform Thunder Terminal suffered a security breach on December 27th, resulting in the theft of approximately $240,000 in user funds. The attack highlights the importance of secure data storage and the ongoing vulnerabilities of decentralized finance (DeFi) platforms.

Thunder Terminal acknowledged the breach in a blog post, stating that the hacker gained access to a MongoDB connection URL. This access allowed them to retrieve session tokens and execute unauthorized withdrawals on behalf of users. The attack ended at 12:20 AM UTC on December 27th after all session tokens and transaction signing access were revoked.

Limited Scope, But Still Significant:

Thunder Terminal assured users that no private keys or wallets were compromised, and their desktop app remained unaffected. However, the team admitted that “less than 1%” of wallets were affected, with at least 114 wallets suffering from fund theft.

Cause and Culprit Unclear:

The exact nature of how the hacker accessed Thunder Terminal’s database remains unclear. The platform suggests a possible connection to a recent MongoDB security breach, where the database provider acknowledged unauthorized access to its systems.

Blockchain detective ZachXBT traced the stolen funds, finding that the attacker transferred 86.5 ETH (approximately $192,500) to Railgun, a privacy-focused protocol for anonymous cryptocurrency swaps and transactions. Additionally, the hacker stole over 439 SOL (around $49,160).

Conflicting Messages and Ransom Threats:

Thunder Terminal initially claimed the attack involved a compromised third-party provider and reassured users that funds were safe and refunds would be issued. However, the hacker countered these claims through a blockchain-based message, accusing the platform of lying and threatening to reveal all user data unless they received a 50 ETH ransom.

Also Read: Telcoin Suffers $1.2M Exploit, Token Price Plummets 40% – Is Your Mobile Wallet Safe?

About The Author

CEO & Founder Digital Currency Group (DCG) Previous post Grayscale Shakeup: Chairman Exits as Bitcoin ETF Awaits Verdict
Ripple XRP Next post Ripple President Sees 2024 as Crypto’s “Breakout Moment,” Predicts DeFi and Compliance Innovation