Thunder Terminal Hit by Cyberattack, Hacker Demands Hefty Ransom

The post Thunder Terminal Hit by Cyberattack, Hacker Demands Hefty Ransom appeared first on Coinpedia Fintech News

In a recent cyberattack, the multi-chain trading platform Thunder Terminal fell victim to a hacker attack, revealing that a malicious actor exploited vulnerabilities to gain access to a MongoDB connection.

The breach, disclosed on December 27, highlighted the hacker’s successful acquisition of a MongoDB connection URL, which granted them access to session tokens and enabled unauthorized withdrawals on behalf of users.

Incident Report

At 12:11:47 AM UTC, suspicious withdrawals started getting sent through Thunder wallets.

A malicious actor got access to a MongoDB connection URL which they used to pull session tokens and execute withdrawals on behalf of users.

At 12:20:35 AM UTC, the last…

— Thunder (@ThunderTerminal) December 27, 2023

Alarm bells are ringing loud! Here are all the details you must know.

Thunder Terminal in Action!

Thunder Terminal promptly responded to the security breach immediately. They took several steps to prevent further malicious withdrawals and future access to session tokens:

• Disconnected Previous URLs: All older connection points were deactivated.
• Revoked Session Tokens: Existing session tokens were invalidated.
• Enhanced Control: Thunder Terminal restricted access to connection URLs, ensuring they originated solely from their servers.

Thunder Terminal reassured its user base that private keys remained secure and desktop wallets were unharmed. However, a subset—less than 1%—of user wallets experienced unauthorized fund withdrawals, totaling a minimum of 114 affected wallets.

Read More: Crypto Hacking Losses Plunged by Nearly 50% in 2023; Here’s Why

Investigating the Breach

The precise source of the intrusion remains under investigation. Thunder Terminal hinted at a possible connection with a recent incident involving a New York-based MongoDB. This third-party provider had reported suspicious activities, later confirming a breach in their systems.

Blockchain analyst ZachXBT provided insights into the hacker’s activities. The illicit transactions led to Railgun, a privacy-focused protocol, where the hacker transferred 86.5 ETH (valued at $192,500) and 439 SOL (approximately $49,160).

Hacker Makes Demands

In a surprising turn, the hacker communicated via blockchain, accusing Thunder Terminal of deceit. They demanded a ransom of 50 ETH and threatened to disclose user data if not paid.

A (Harsh) Lesson for the Crypto Industry

Thunder Terminal’s experience underscores the importance of robust cybersecurity measures in the cryptocurrency ecosystem. The reliance on third-party services, while beneficial for data accumulation, introduces vulnerabilities. As the industry evolves, platforms must prioritize security, continuously enhancing defenses against sophisticated cyber threats.

Also Read: Top Crypto Hacks of 2023: Analyzing the Biggest Crypto Security Breaches – Research Report