Onchain trading platform Thunder Terminal has lost approximately $240k in an exploit after a hacker illicitly withdrew SOL and ETH from over 100 user wallets.
Thunder announced that it noticed suspicious withdrawals from user wallets on the platform at 12:11 AM UTC on December 27. Thunder said that the hacker gained access to a “MongoDB connection URL,” which they used to pull session tokens and then proceed with withdrawals from users’ wallets.
The attack was mitigated after the Thunder team revoked all session token access and transaction signing. The team also confirmed that no private keys or user wallets were compromised, and that only 1% of wallets were affected. The lost assets include 86.56 ETH and 439.12 SOL, totaling approximately $240,000 of user funds.
“The exploit happened through withdrawal requests our server considered as authorized because of leaked session tokens,” said the team, adding, “We do not store any private keys, so the attacker does not have access to any wallets. Desktop wallets were not affected.”
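The failure described above, where session tokens read from the database were accepted by the server as authorization, can be illustrated with a small model of a session store. This is an added example, not Thunder's code: the article does not say how the tokens were stored, so the `SessionStore` class, its `hash_at_rest` switch and the user ids are hypothetical, and the in-memory dict stands in for a database collection.

```python
import hashlib
import secrets


def digest(token: str) -> str:
    # Tokens are 256-bit random values, so a plain SHA-256 is enough here;
    # no password-style stretching is needed.
    return hashlib.sha256(token.encode()).hexdigest()


class SessionStore:
    """In-memory stand-in for a sessions collection (hypothetical schema)."""

    def __init__(self, hash_at_rest: bool):
        self.hash_at_rest = hash_at_rest
        self.rows = {}  # stored key -> user id; this is what a database reader sees

    def _key(self, token: str) -> str:
        return digest(token) if self.hash_at_rest else token

    def issue(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)
        self.rows[self._key(token)] = user_id
        return token  # the raw token goes to the client only

    def authorize(self, presented: str):
        # Returns the user id for a valid token, otherwise None.
        return self.rows.get(self._key(presented))

    def revoke_all(self) -> None:
        # Containment step: every outstanding session stops working.
        self.rows.clear()


def replayable_from_dump(store: SessionStore) -> int:
    # Count stored values that the server itself would accept as a session token.
    return sum(1 for stored in list(store.rows) if store.authorize(stored) is not None)


if __name__ == "__main__":
    for hashed in (False, True):
        store = SessionStore(hash_at_rest=hashed)
        tokens = [store.issue(f"user{i}") for i in range(3)]  # constructed users
        print("hash_at_rest =", hashed,
              "| stored values accepted as tokens:", replayable_from_dump(store))
        store.revoke_all()
        print("  accepted after revoke_all:",
              sum(store.authorize(t) is not None for t in tokens))
```

With only digests at rest, read access to the store no longer yields values the server accepts, while clients holding the raw token are unaffected until `revoke_all` is called.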
Thunder Says Funds Are Safe Now! Hacker Says Not Yet
Thunder claims that no data, such as private keys or wallet access, was compromised. The attack was stopped in less than 9 minutes, and only 114 of 14,000 wallets were affected.
However, the hacker sent an onchain message saying that the Thunder team is lying and that they have all user data, which will be deleted if they receive 50 ETH.
The Thunder team has not officially responded to the hacker’s message. The team said that it has contacted the FBI to look into the matter, and that it is willing to negotiate if the exploiter returns user funds; otherwise it “intends to pursue this crime to the fullest extent of the US judicial system.”