As the holiday season arrives, exploiters seem to be unusually active, and this time, Thunder Terminal fell victim to their efforts, losing $240,000.
While the team behind the on-chain trading platform said no private keys or wallets were compromised, the hacker disputes this assertion, insisting on an additional ransom for user data.
In the incident report, Thunder said the breach resulted in losses of 86.5 Ether and 439 Solana, equivalent to $240,000, all within nine minutes. The platform initially detected suspicious withdrawals from user wallets at 12:11 AM UTC on December 27. The hacker gained access to a “MongoDB connection URL” and used it to extract session tokens and execute withdrawals from users’ wallets.
Thunder said it took prompt action by revoking all session token access and transaction signing, effectively mitigating the attack. The team confirmed that no private keys or user wallets were compromised, while acknowledging that 1% of wallets were impacted. The incurred losses amounted to 86.56 ETH and 439.12 SOL, totaling around $240,000 in user funds.
The platform asserted it would fully refund all lost funds and provide affected users with 0% fees and $100,000 in credits. Additionally, it has engaged its legal team and contacted the FBI. A comprehensive technical audit of the on-chain trading system is currently underway.
In a tweet, Thunder Terminal outlined its immediate actions: implementing two-factor authentication (2FA) for withdrawals, strengthening security measures around session issuance, and stating its intent to pursue the services utilized by the attacker.
Thunder Terminal further added that it is willing to negotiate with the exploiter on the condition that they return the user funds. Absent such cooperation, the platform is determined to pursue legal action to the fullest extent within the US judicial system.
“We are willing to negotiate with the exploiter if they return user funds. Otherwise, we intend to pursue this crime to the fullest extent of the US judicial system.”
Hacks Slow Down for the First Time Since 2020
In 2023, there was a notable decrease of over 50% in hack volumes within the crypto industry, according to TRM Labs. The majority of these incidents, accounting for approximately 60%, were identified as infrastructure attacks. Such incidents entail the theft of private keys or compromise of seed phrases, where perpetrators infiltrate the fundamental elements of a cryptocurrency system, such as servers, networks, or software, to either pilfer assets or manipulate trades.
However, improved security measures, increased law enforcement actions, and greater industry collaboration with exchanges, wallet providers, and blockchain networks have managed to lessen the damage.
In fact, this marks the first decline in stolen amounts since 2020, according to De.Fi, a Web3 security firm. Its report revealed that approximately $2 billion in crypto was pilfered by hackers through numerous cyberattacks and thefts throughout 2023.