There was a big security compromise that occurred on the on-chain trading platform known as Thunder Terminal. An exploit resulted in illegal access to 114 of the more over 14,000 wallets that were connected to its network. The total amount of losses reached 86.5 Ether and 439 Solana, which is roughly comparable to $240,000. According to reports, the assault, which was carried out in only nine minutes, was caused by a third-party service that Thunder Terminal used that had been hacked.
During the time period of 12:11:47 UTC, the exploit was started by making suspicious withdrawals from Thunder wallets. The attacker was able to acquire access to a MongoDB connection URL, which gave them the ability to carry out withdrawals by using session tokens. Thunder Terminal has informed users that none of their private keys or wallets have been directly compromised, despite the gravity of the situation. Due to the fact that the architecture of the platform does not retain private keys, direct access to user wallets, especially desktop wallets, was not possible.
As a direct reaction to the security compromise, Thunder Terminal took urgent efforts to contain the exploit. Following the discovery of the illicit actions, they put a stop to them within nine minutes and told consumers that any and all payments that were misplaced would be reimbursed in full. A compensation package consisting of 0% fees and $100,000 in platform credits will also be provided to customers who have been affected. At the same time, Thunder Terminal has been in communication with the Federal Bureau of Investigation and is in the process of adopting additional security measures, such as two-factor verification for withdrawals.
A statement was published by the
Read more on blockchain.news