Thunder Terminal: No private keys, wallets compromised during $240k exploit

Stock Photo – cdn.pixabay.com

Thunder Terminal has said that no private wallets or keys were compromised following the December 26 breach incident in which it lost 86.5 Ether or about $240,000 to the hackers behind the exploit.

“No private keys nor wallets were compromised. The exploit happened through withdrawal requests our server considered as authorized because of leaked session tokens. We do not store any private keys, so the attacker does not have access to any wallets. Desktop wallets were not affected. Less than 1 percent of wallets on our platform were affected as a result of this attack,” said Thunder in a social media post.

Thunder explained that the breach occurred when the attacker accessed a MongoDB connection URL, enabling them to withdraw funds. The incident report highlighted that the MongoDB company was exploited eight days earlier, resulting in a breach in Thunder’s data.

Thunder emphasized that only 114 wallets were affected. They promised full refunds to those impacted with no fees and $100,000 in platform credits as compensation.

“No one’s private keys are compromised. Only 114 wallets out of over 14,000 were affected. Funds are safe going forward. We stopped the attack in <9 minutes,” Thunder said.

Despite Thunder’s reassurances about user data security, a message from the hacker on Etherscan disputed this. The hacker debunked Thunder’s claims and demanded a ransom of 50 ETH, equivalent to $110,000, for the supposedly impacted data.

“We have all the user data. 50 ETH and we will delete the data,” said the hacker.

Crypto analyst aaalex.eth shared his thoughts on Thunder’s exploit, suggesting that the data lost by MongoDB could contain highly sensitive information, potentially allowing hackers to steal from MongoDB’s clients, including Thunder.

“Thunder claims they were hacked due to an exposed connection url. A connection url is an endpoint allowing you to connect to a database. The problem is, connection urls can make up the database endpoint, plus username, plus password. So it’s extremely sensitive,” he said.

Thunder ready to negotiate to recover funds

In order to counter any future attacks, Thunder said it has implemented additional security measures, including Two-Factor Authentication (2FA) for withdrawals, to protect its protocol.

The company presently aims to negotiate intensively with the hackers to recover the stolen funds. It has also revealed that it has undertaken several measures in response to the situation. Its legal team and the FBI have been informed and are actively engaged.

“Going forward: – Refunds will be issued soon. – Access to the platform will be restored as soon as possible. – We are willing to negotiate with the exploiter if they return user funds. Otherwise, we intend to pursue this crime to the fullest extent of the US judicial system,” said Thunder. It also mentioned that it is conducting a detailed technical audit to assess the situation.

“Everyone from the Thunder team would like to thank you for your patience. We cannot stress enough how much we care about this product and this space. It truly means the world to us. We worked throughout Christmas and we will work everyday going forward to restore your trust. We will be available for communication 24/7 throughout the next several days,” Thunder said.

Investigators observed that after the hackers stole the 86.5 ETH, the related transaction was made anonymous using the Railgun protocol. The hacking incident was described by Thunder as the first sophisticated exploit experienced by the trading platform since its establishment.

For almost two years, Thunder has facilitated rapid cryptocurrency trades and enabled the exchange of digital assets across various blockchain networks. Thunder gained attention last year when it emerged as the primary competitor to Telegram trading bots.