Multi-chain buying and selling platform Thunder Terminal has suffered a hacker assault, saying a malicious actor gained entry to a MongoDB connection.
In an X post on Dec. 27, Thunder Terminal acknowledged the breach, stating that the hacker gained entry to a MongoDB connection URL.
This entry allowed the intruder to retrieve session tokens and execute withdrawals on behalf of customers.
The assault concluded at 12:20 AM UTC, Dec 27, in spite of everything session tokens and transaction signing entry had been revoked for safety causes, Thunder Terminal mentioned.
Whereas Thunder Terminal assured customers that no non-public keys or wallets had been compromised, the group admitted that “lower than 1% of wallets” had been affected. The assault reportedly resulted in funds being stolen from a minimum of 114 wallets.
“The exploit occurred by withdrawal requests our server thought-about as approved due to leaked session tokens. We don’t retailer any non-public keys, so the attacker doesn’t have entry to any wallets. Desktop wallets weren’t affected.”
Thunder Terminal
As of press time, it’s unclear, how precisely the hacker received entry to the undertaking’s database. Thunder Terminal suggests that the hack could also be associated to an incident involving New York-based MongoDB. In mid-December, MongoDB detected “suspicious exercise” on its community, later confirming that hackers had infiltrated its programs “for some time period earlier than discovery.”
In accordance with blockchain sleuth ZachXBT, the assault transferred 86.5 ETH (price round $192,500) to Railgun, a privacy-aimed protocol that allows customers to anonymously swap cryptocurrencies and make non-public transactions. The undertaking also revealed that the hacker stole over 439 SOL (round $49,160).
Initially, Thunder Terminal mentioned the assault was associated to a compromise of its third-party supplier. The group additionally mentioned “funds are secure,” including that “refunds will probably be dealt with shortly.”
Nonetheless, shortly after this publish, the hacker issued a blockchain-based statement, accusing the Thunder Workforce of mendacity and threatening to reveal all person information until the undertaking pays them 50 ETH in ransom.
Launched in late 2022, Thunder Terminal is a multi-chain buying and selling platform with assist for Ethereum, Solana, Avalanche, and different networks.