On-chain trading platform Thunder Terminal suffered an exploit resulting in at least $100,000 worth of stolen Ethereum and Solana. The breach enabled bad actors to hijack user session tokens and initiate unauthorized withdrawals.
- Hackers access Thunder MongoDB and steal session tokens.
- Fake ETH and SOL withdrawals initiated; $100K+ lost.
- Thunder promises refunds, 2FA, and legal action against perpetrators.
- The team believes the hack is linked to the recent MongoDB provider compromise.
According to an incident report posted on Twitter, the first illicit transfers happened shortly after midnight UTC on Thursday, at around 12:11:47 AM. Following the incident, Thunder revoked all session tokens and transaction signing abilities to halt further losses.
Over 86 ETH and 439 SOL were confirmed drained, though the losses only impacted less than 1% of platform wallets not utilizing cold storage security. No private keys or other user data were accessed in the attack, according to the report.
Thunder Ruled Out Inside Job
Thunder pinned the exploit vector on a recent security breach at MongoDB, a database provider it relies on for authentication services. Hackers leaked MongoDB credentials eight days ago in a separate server infiltration, enabling access to Thunder’s systems.
An internal compromise was ruled out. The speedy response and transparency proved wise as news spread rapidly on crypto channels. On-chain sleuth ZachXBT highlighted the suspicious activity on his Telegram channel while the attack played out.
In response, Thunder said it revoked all legacy tokens and connection URLs and restricted future database access so that it is allowed solely from its own servers. User funds will be restored in full, accompanied by trading fee waivers and account credits.
Plans are already underway to bolster security moving forward, including:
- Mandatory 2FA for withdrawals
- Legal pursuit of the hackers with authorities
- Technical audits across infrastructure
The exploiter referred to Thunder’s X posts as “all lies,” as highlighted in an on-chain note by ZachXBT. The address associated with the attacker claimed to possess all user data and suggested that the data could be deleted for a payment of 50 ETH.