Thunder Terminal Hit by Cyber Attack, Hacker Steals 86.5 ETH
In Brief
Thunder Terminal encountered a cyber attack where a hacker stole 86.5 ETH ($47,800), affecting 114 user wallets.
On-chain trading platform Thunder Terminal encountered a vulnerability attack today, resulting in the transfer of 86.5 ETH or $192,000 to Railgun, as reported by on-chain sleuth ZachXBT.
At 12:11:47 AM (UTC), suspicious withdrawals began getting sent from Thunder Terminal wallets. The malicious actor gained unauthorized access to a MongoDB connection URL, allowing them to extract session tokens and carry out withdrawals on behalf of users.
By 12:20:35 AM (UTC), the last malicious withdrawal occurred, prompting Thunder Terminal to revoke all session tokens and restrict access to transaction signing for security measures.
Thunder Terminal successfully halted the attack in under nine minutes. Only 114 wallets out of over 14,000 were affected. Subsequently, the trading platform clarified that no private keys were compromised, assured the safety of funds, and promised that refunds would be handled shortly.
The company disclosed that the exploit occurred through withdrawal requests that were considered authorized by the server due to leaked session tokens. The confirmed losses amounted to approximately 86.5 ETH/439 SOL or $47,800.
Cybercriminals Exploit the Holiday Season
Throughout the year, hackers have executed cyberattacks and thefts, resulting in the illicit acquisition of billions of dollars in cryptocurrencies. According to blockchain intelligence company TRM Labs, the cumulative amount of cryptocurrencies stolen by hackers reached approximately $1.7 billion as of December.
In the current week, the digital landscape has seen a series of cyber attacks, with bad actors taking advantage of the holiday season.
Recently, decentralized financial platform Telcoin fell victim to a vulnerability attack, resulting in a loss of approximately $1.3 million. Concurrently, the platform’s native token, TEL, experienced a significant decline of 43.25% within a 24-hour period.
As the year concludes, cyber threats persist, exemplified by the recent attacks during the holiday season such as Thunder Terminal and Telecoin incidents, suggesting an ongoing need for enhanced digital security measures.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.About The Author
Alisa is a reporter for the Metaverse Post. She focuses on investments, AI, metaverse, and everything related to Web3. Alisa has a degree in Business of Art and expertise in Art & Tech. She has developed her passion for journalism through writing for VCs, notable crypto projects, and scientific writing. You can contact her at alisa@mpost.io
More articlesAlisa is a reporter for the Metaverse Post. She focuses on investments, AI, metaverse, and everything related to Web3. Alisa has a degree in Business of Art and expertise in Art & Tech. She has developed her passion for journalism through writing for VCs, notable crypto projects, and scientific writing. You can contact her at alisa@mpost.io