Thunder Terminal Hacker Refutes Claims its Funds Are Safe

  • Thunder Terminal’s hacker has claimed that the platform is lying to its users when it says their funds are safe
  • Thunder Terminal admitted that it was exploited and lost nearly $250,000 of user funds
  • The platform said that “funds are safe going forward”

On-chain crypto exchange Thunder Terminal and its hacker are in a standoff shortly after the attacker stole nearly $250,000 from the platform. The exchange disclosed that it managed to stop the attack in less than nine minutes and that users’ “funds are safe going forward.” The hacker, however, has disputed the platform’s statement, calling it “all lies” and saying that he has access to user data, which further blurs the line on who is telling the truth.

Hacker Threatens to Delete All User Data

According to Thunder Terminal, the malicious actor gained access to user funds and data after accessing data on MongoDB, a third-party database provider. The exchange noted suspicious withdrawals nine minutes into the exploit and revoked “all kinds of access to transaction signing.”

“Incident Report

At 12:11:47 AM UTC, suspicious withdrawals started getting sent through Thunder wallets.

A malicious actor got access to a MongoDB connection URL which they used to pull session tokens and execute withdrawals on behalf of users.

At 12:20:35 AM UTC, the last…”

Thunder (@ThunderTerminal), December 27, 2023: https://twitter.com/ThunderTerminal/status/1739843737860374845

The platform also noted that the attacker may have accessed data from the MongoDB security breach that happened eight days ago. Although the exchange announced that it will reimburse affected users and negotiate with the hacker, and that assets and data are safe, the hacker maintains that they are in possession of “all user data” and over $110,000 in ETH.

The hacker has threatened to delete the data if Thunder Terminal doesn’t yield to his demands. Blockchain data shows that the attacker has moved around $190,000 in ETH to the transaction-anonymizing platform Railgun.

FBI Involvement to Follow?

Thunder Terminal disclosed that it is open to negotiating with the hacker, or to involving law enforcement agencies like the FBI if the attacker isn’t ready to return the funds.

The exchange is currently working to enable two-factor authentication (2FA) for withdrawals, boost its security and conduct a full technical audit, with hopes of restoring access to the platform “as soon as possible.”

The standoff comes a few weeks after the KyberSwap hacker demanded that Kyber hand control of the company over to him in exchange for the stolen funds.

With the hacker moving funds to Railgun, it’s likely that they aren’t planning to return the funds even for a bounty.
