Hacker Attack on Thunder Terminal Results in $240k in Losses
Thunder Terminal, a multi-chain trading platform, has experienced a cyber attack in which a hacker gained access to a MongoDB connection. The breach was acknowledged by Thunder Terminal in a post on December 27, stating that the hacker had obtained a MongoDB connection URL. This allowed the intruder to retrieve session tokens and carry out withdrawals on behalf of users.

The attack was resolved at 12:20 AM UTC on December 27, after all session tokens and transaction signing access were revoked for security reasons. Thunder Terminal assured users that no private keys or wallets were compromised, but they admitted that less than 1% of wallets were affected.

It is currently unclear how the hacker gained access to the project’s database, but Thunder Terminal speculates that it may be related to a previous incident involving New York-based MongoDB. In mid-December, MongoDB detected suspicious activity on its network, confirming that hackers had infiltrated its systems before being discovered.

According to blockchain expert ZachXBT, the hacker transferred 86.5 ETH (equivalent to approximately $192,500) to Railgun, a privacy-focused protocol, and stole over 439 SOL (approximately $49,160). Initially, Thunder Terminal believed that the attack was connected to a compromise of its third-party provider, but the hacker later issued a statement accusing the Thunder Team of lying and demanding a ransom of 50 ETH in exchange for not disclosing user data.

Thunder Terminal was launched in late 2022 and supports Ethereum, Solana, Avalanche, and other networks.