Thunder Terminal Claims Security After $192,000 Exploit, Hacker Demands Ransom in Dispute

Hongji Feng

Thunder Terminal has recently encountered an exploit. Despite the severity of the incident, the platform has assured users of the security of their funds. Yet the hacker claimed differently and demanded ransom.

In a recent post, the decentralized platform Thunder Terminal said it had suffered an external exploit of $192,000, which resulted in unauthorized access to 114 out of over 14,000 wallets on its network.

When it detected the breach, Thunder Terminal said, “Seems like a 3rd-party service we were using was compromised.” It later claimed that the exploit was rapidly contained, having been halted within nine minutes of detection.

Exploit, Refund, Resolution


“At 12:11:47 AM UTC, suspicious withdrawals started getting sent through Thunder wallets. A malicious actor got access to a MongoDB connection URL which they used to pull session tokens and execute withdrawals on behalf of users,” Thunder Terminal wrote in a follow-up post.

“No private keys nor wallets were compromised. The exploit happened through withdrawal requests our server considered as authorized because of leaked session tokens,” the post said.

The platform further explained the mechanism and how the wallets were protected, saying, “We do not store any private keys, so the attacker does not have access to any wallets. Desktop wallets were not affected.”
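The post attributes the withdrawals to session tokens read out of the database and replayed. As an added example (not Thunder Terminal's code), the sketch below stores only a keyed digest of each token so that a read of the session store yields nothing the server will accept; `SessionStore`, `SERVER_KEY` and the other names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Assumption: this key is held in the application's secret store, never in the database.
SERVER_KEY = secrets.token_bytes(32)


def token_digest(token: str) -> str:
    """Keyed digest that is stored in place of the raw session token."""
    return hmac.new(SERVER_KEY, token.encode(), hashlib.sha256).hexdigest()


class SessionStore:
    """Hypothetical stand-in for a sessions collection.

    `rows` is everything a party with database read access would see.
    """

    def __init__(self) -> None:
        self.rows: Dict[str, str] = {}  # token digest -> user id

    def issue(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)  # raw token goes to the client only
        self.rows[token_digest(token)] = user_id
        return token

    def authenticate(self, presented: str) -> Optional[str]:
        # The server re-derives the digest; the raw token is never stored.
        return self.rows.get(token_digest(presented))


def replayable_rows(store: SessionStore) -> int:
    """Count stored values that would be accepted if presented as a token."""
    return sum(1 for stored in list(store.rows) if store.authenticate(stored) is not None)


if __name__ == "__main__":
    store = SessionStore()
    token = store.issue("user-1")  # constructed sample user
    print("client token accepted for:", store.authenticate(token))
    print("stored values accepted as tokens:", replayable_rows(store))
```

This only addresses read access to the session store; a party that can also write to it could insert its own rows, which is where a second factor on withdrawals, as the platform says it plans to add, still matters.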

As a result of the incident, around 86 Ethereum (ETH) and 439 Solana (SOL) tokens were lost.

Thunder Terminal promised that “all funds lost will be refunded in full” and “affected users will be given 0% fees and $100k in credits each,” as the team moved on to necessary procedures.

According to the post, the company has contacted the Federal Bureau of Investigation (FBI), plans to add two-factor authentication for withdrawals, and is undergoing a comprehensive technical audit.

“Access to the platform will be restored as soon as possible,” said Thunder Terminal.

Hacker Counters Thunder Terminal and Demands Ransom


However, the hacker claimed differently, countering the platform’s security statement. “All lies,” said the exploiter. “Also we have all the user data. 50 ETH and we will delete the data.”

Some users have expressed their concerns, replying to Thunder Terminal’s post and asking, “how did the 114 wallets get compromised if their private keys were safe?” Another replied, “Funds are safe in someone else’s wallet.”

In the meantime, the platform said, “We are willing to negotiate with the exploiter if they return user funds. Otherwise, we intend to pursue this crime to the fullest extent of the US judicial system.”