As known from:
known from Coinwireknown from Benchknown from Coinindex
  • About CryptoGmblr.com
Contains commercial content
Cryptogambling / Thunder Terminal: No private keys, wallets compromised during $240k exploit

Thunder Terminal: No private keys, wallets compromised during $240k exploit

Publish Date: 28/12/2023
Stock Photo, tags: thunder keys wallets - cdn.pixabay.com

Stock Photo – cdn.pixabay.com

Thunder Terminal has said that no private wallets or keys were compromised following the December 26 breach incident in which it lost 86.5 Ether or about $240,000 to the hackers behind the exploit.

“No private keys nor wallets were compromised. The exploit happened through withdrawal requests our server considered as authorized because of leaked session tokens. We do not store any private keys, so the attacker does not have access to any wallets. Desktop wallets were not affected. Less than 1 percent of wallets on our platform were affected as a result of this attack,” said Thunder in a social media post.

Thunder explained that the breach occurred when the attacker accessed a MongoDB connection URL, enabling them to withdraw funds. The incident report highlighted that the MongoDB company was exploited eight days earlier, resulting in a breach in Thunder’s data.

Thunder emphasized that only 114 wallets were affected. They promised full refunds to those impacted with no fees and $100,000 in platform credits as compensation.

“No one’s private keys are compromised. Only 114 wallets out of over 14,000 were affected. Funds are safe going forward. We stopped the attack in <9 minutes,” Thunder said.

Despite Thunder’s reassurances about user data security, a message from the hacker on Etherscan disputed this. The hacker debunked Thunder’s claims and demanded a ransom of 50 ETH, equivalent to $110,000, for the supposedly impacted data.

“We have all the user data. 50 ETH and we will delete the data,” said the hacker.

Crypto analyst aaalex.eth shared his thoughts on Thunder’s exploit, suggesting that the data lost by MongoDB could contain highly sensitive information, potentially allowing hackers to steal from MongoDB’s clients, including Thunder.

“Thunder claims they were hacked due to an exposed connection url. A connection url is an endpoint allowing you to connect to a database. The problem is, connection urls can make up the database endpoint, plus username, plus password. So it’s extremely sensitive,” he said.

Thunder ready to negotiate to recover funds

In order to counter any future attacks, Thunder said it has implemented additional security measures, including Two-Factor Authentication (2FA) for withdrawals, to protect its protocol.

The company presently aims to negotiate intensively with the hackers to recover the stolen funds. It has also revealed that it has undertaken several measures in response to the situation. Its legal team and the FBI have been informed and are actively engaged.

“Going forward: – Refunds will be issued soon. – Access to the platform will be restored as soon as possible. – We are willing to negotiate with the exploiter if they return user funds. Otherwise, we intend to pursue this crime to the fullest extent of the US judicial system,” said Thunder. It also mentioned that it is conducting a detailed technical audit to assess the situation.

“Everyone from the Thunder team would like to thank you for your patience. We cannot stress enough how much we care about this product and this space. It truly means the world to us. We worked throughout Christmas and we will work everyday going forward to restore your trust. We will be available for communication 24/7 throughout the next several days,” Thunder said.

Investigators observed that after the hackers stole the 86.5 ETH, the related transaction was made anonymous using the Railgun protocol. The hacking incident was described by Thunder as the first sophisticated exploit experienced by the trading platform since its establishment.

For almost two years, Thunder has facilitated rapid cryptocurrency trades and enabled the exchange of digital assets across various blockchain networks. Thunder gained attention last year when it emerged as the primary competitor to Telegram trading bots.

Top Online Casinos
Top Casinos Bonuses
Stake.us
Stake.us
Stake.us Review
4.6/5
McLuck
McLuck
McLuck Review
4.6/5
High5Casino
High5Casino
High5Casino Review
4.5/5
Sweeptastic
Sweeptastic
Sweeptastic Review
4.5/5
Wow Vegas
Wow Vegas
Wow Vegas Review
4.5/5
Stake.us
Stake.us Bonus
$55 Stake Cash + 260K Gold Coins + 5% Rakeback
T&Cs apply
4.6/5
McLuck
McLuck Bonus
7.500 Gold Coins + 2,5 Sweepstakes Coins
T&Cs apply
4.6/5
High5Casino
High5Casino Bonus
5 Sweeps Coins + 250 Game Coins + 600 Diamonds
T&Cs apply
4.5/5
Sweeptastic
Sweeptastic Bonus
Get 70,000 Lucky Coins and 44 Sweeps Coins
T&Cs apply
4.5/5
Wow Vegas
Wow Vegas Bonus
1.75M WOW Coins + 35 Free Sweepstake Coins
T&Cs apply
4.5/5
Latest News
Charles Hoskinson forecasts Altcoin season showdown: ADA vs. DOGE
Cardano (ADA) Faces Dual Meme Coin Competition where ...
Top 5 AI cryptocurrencies ready to thrive during the next bull market
New crypto ventures merge the groundbreaking capabilities of ...
Top Crypto Exchange Sites
Crypto Exchange Guide
  • Crypto Exchanges
  • Betting Exchange
Top Brands
Top Bonuses
Stake.us
Stake.us
Stake.us Review
4.6/5
McLuck
McLuck
McLuck Review
4.6/5
High5Casino
High5Casino
High5Casino Review
4.5/5
Sweeptastic
Sweeptastic
Sweeptastic Review
4.5/5
Wow Vegas
Wow Vegas
Wow Vegas Review
4.5/5
Stake.us
Stake.us Bonus
$55 Stake Cash + 260K Gold Coins + 5% Rakeback
T&Cs apply
4.6/5
McLuck
McLuck Bonus
7.500 Gold Coins + 2,5 Sweepstakes Coins
T&Cs apply
4.6/5
High5Casino
High5Casino Bonus
5 Sweeps Coins + 250 Game Coins + 600 Diamonds
T&Cs apply
4.5/5
Sweeptastic
Sweeptastic Bonus
Get 70,000 Lucky Coins and 44 Sweeps Coins
T&Cs apply
4.5/5
Wow Vegas
Wow Vegas Bonus
1.75M WOW Coins + 35 Free Sweepstake Coins
T&Cs apply
4.5/5

Players must be 21 years of age or older or reach the minimum age for gambling in their respective state and located in jurisdictions where online gambling is legal. Please play responsibly. Bet with your head, not over it. If you or someone you know has a gambling problem, and wants help, call or visit: (a) the Council on Compulsive Gambling of New Jersey at 1-800-Gambler or www.800gambler.org; or (b) Gamblers Anonymous at 855-2-CALL-GA or www.gamblersanonymous.org.

Trading financial products carries a high risk to your capital, especially trading leverage products such as CFDs. CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. Between 74-89% of retail investor accounts lose money when trading CFDs. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing your money.

This site is using Cloudflare and adheres to the Google Safe Browsing Program. We adapted Google's Privacy Guidelines to keep your data safe at all times.

21+NCPGCloudflareSSLco² neutral
Close
Players accepted in the US US Flag
Stake.us Exclusive Bonus
$55 Stake Cash + 260K Gold Coins + 5% Rakeback
Promo Code
Go to Stake.us
Visit Site
T&Cs apply, 18+
Payment Methods
Bitcoin
Litecoin
Ethereum
Dogecoin
Highlights
  • Exclusive promo code: CRYPTGAMBL
  • Play Stake Originals games for free
  • Get free Stake Cash daily just by logging in
Stake Originals
Dice
Crash
Plinko
Mines
×
Your Bonus Code:
The bonus offer of was already opened in an additional window. If not, you can open it also by clicking the following link:
Visit Site