The leadership of the Thunder Terminal platform has reported that a hacker gained access to the service's MongoDB connection URL, which was used to acquire tokens and withdraw funds on behalf of users. Approximately eight days ago, the MongoDB platform suffered an attack leading to data leakage. As a result of the breach, the hacker accessed data from 114 wallets on Thunder Terminal. Within just nine minutes, the perpetrator managed to withdraw 86.5 ETH and 439 SOL, totaling $240,000. The thief has already sent 86.3 ETH to the Railgun protocol, enabling users to anonymize transactions.
Thunder specialists have stated that the issue has been resolved, and the remaining 14,000 wallets were not compromised. All affected users will be fully compensated for their losses. Additionally, they will be provided with bonuses, including zero fees and $100,000 in platform credits.
"No one's private keys are compromised. Only 114 wallets out of over 14,000 were affected. Funds are safe going forward. We stopped the attack in
— Thunder (@ThunderTerminal) December 27, 2023"
While Thunder assured users that their data is secure, the hacker claims otherwise. In a message left on Etherscan, the perpetrator stated that Thunder's words are an absolute lie. The hacker demanded a ransom of 50 ETH ($110,000) for allegedly compromised data. Thunder has stated that it will take additional security measures and remains open to negotiations with the hacker for the return of stolen funds.
Recall that recently, the Japanese game Aurory, built on the Solana blockchain, fell victim to hackers. The perpetrator managed to withdraw 600,000 AURY tokens, amounting to approximately $684,000.
Top comments (0)