Multi-chain trading platform Thunder Terminal has suffered a hacker attack, saying a malicious actor gained access to a MongoDB connection.
In an X post on Dec. 27, Thunder Terminal acknowledged the breach, stating that the hacker gained access to a MongoDB connection URL.
This access allowed the intruder to retrieve session tokens and execute withdrawals on behalf of users.
The attack concluded at 12:20 AM UTC, Dec 27, after all session tokens and transaction signing access were revoked for security reasons, Thunder Terminal said.
While Thunder Terminal assured users that no private keys or wallets were compromised, the team admitted that “less than 1% of wallets” were affected. The attack reportedly resulted in funds being stolen from at least 114 wallets.
“The exploit happened through withdrawal requests our server considered as authorized because of leaked session tokens. We do not store any private keys, so the attacker does not have access to any wallets. Desktop wallets were not affected.”
As of press time, it is unclear, how exactly the hacker got access to the project’s database. Thunder Terminal suggests that the hack may be related to an incident involving New York-based MongoDB. In mid-December, MongoDB detected “suspicious activity” on its network, later confirming that hackers had infiltrated its systems “for some period of time before discovery.”
According to blockchain sleuth ZachXBT, the attack transferred 86.5 ETH (worth around $192,500) to Railgun, a privacy-aimed protocol that enables users to anonymously swap cryptocurrencies and make private transactions. The project also revealed that the hacker stole over 439 SOL (around $49,160).
Initially, Thunder Terminal said the attack was related to a compromise of its third-party provider. The team also said “funds are safe,” adding that “refunds will be handled shortly.”
However, shortly after this post, the hacker issued a blockchain-based statement, accusing the Thunder Team of lying and threatening to disclose all user data unless the project pays them 50 ETH in ransom.
Launched in late 2022, Thunder Terminal is a multi-chain trading platform with support for Ethereum, Solana, Avalanche, and other networks.