Thunder Terminal hit by $250K exploit; 114 wallets hacked

abdelaziz Fathi

Thunder Terminal, an on-chain crypto trading platform, experienced a security exploit today, resulting in the loss of 86.5 ETH (roughly $192,000) and 439 SOL (around $47,800). However, the platform assured that no private keys were compromised, and it has taken steps to secure users’ funds.

According to Thunder Terminal’s statement on X (formerly Twitter), the incident affected only 114 out of more than 14,000 wallets on the platform. The company confirmed that funds are secure moving forward and claimed to have halted the attack in under nine minutes. They also plan to refund all lost funds in full and offer affected users 0% fees and $100,000 in credits each.

The attacker, however, disputed Thunder Terminal’s claims in an on-chain note, alleging that they possess user data and demanding a ransom of 50 ETH for its deletion. This claim adds a layer of complexity to the incident, raising concerns about the safety of user data.

Thunder Terminal’s incident report identified the cause of the exploit as unauthorized withdrawal requests, which were processed due to leaked session tokens. This breach occurred through a MongoDB connection URL, which the attacker exploited to carry out the withdrawals.

Introduced by Eversify Labs in late 2022, Thunder Terminal is designed for quick transactions across multiple blockchain networks, including Ethereum, Solana, Avalanche, and Arbitrum. It positions itself as an alternative to Telegram trading bots like Unibot.

The incident underscores the ongoing cybersecurity challenges faced by on-chain trading platforms and the importance of robust security measures in the rapidly evolving cryptocurrency sector. Thunder Terminal’s prompt response and commitment to refunding affected users highlight the platform’s efforts to maintain user trust and security in the wake of the exploit

Cryptocurrency exchanges, frequently targeted by hackers, have witnessed similar incidents in recent months, including hacks on HTX, Bitrue, Gdac, and Deribit, resulting in massive losses.

  • Read this next

    Institutional FX, Uncategorized

    Why retail brokers are launching prime services

    Insights are provided by leading industry experts, including Elina Pedersen, Co-CEO & CRO of Your Bourse; Andrew Saks, Chief Product Officer at TraderEvolution; Natalia Zakharova, Head of Business Development at FXOpen; and Jay Mawji, CEO of Infinox.

    Institutional FX

    Cboe to launch MSCI-based options and volatility indices

    “We are excited to expand our Cboe-MSCI toolkit with additional index options and volatility indices – an enhancement that will not only broaden our customers’ product choice, but also enrich the ways they interact with and analyze the global markets.”


    Traxys taps Quantifi for risk management in commodities trading

    “We wanted to take a more sophisticated approach to risk management and have a consolidated view of risk exposures across our global operating model. Quantifi was our preferred choice as it has a track record of success in the commodities markets.”

    Digital Assets

    Startale Labs Secures Funding for Web3 Expansion

    Startale Labs, a leader in Japan’s Web3 development, including Astar Network and Startale Web3 Cloud, has raised an additional $3.5m from UOB Venture Management and Samsung Next. This seed extension round boosts their total seed funding to $7m, following a $3.5m investment from Sony Network Communications in June 2023.

    Retail FX acquires South African broker Ubutyebi Financial Services, the multi-regulated financial services provider, has made a strategic move to expand its presence in Africa by acquiring Ubutyebi Financial Services, a licensed Financial Service Provider (FSP) in South Africa regulated by the Financial Sector Conduct Authority (FSCA).

    Digital Assets

    Hong Kong advances legislation on stablecoins and crypto trading

    Hong Kong is moving forward with legislation to regulate stablecoins and crypto over-the-counter (OTC) trading in the latest effort to develop a legal framework to service the city’s digital-asset industry.

    Digital Assets

    Do Kwon to be extradited to US as South Korea request overturned

    Terraform Labs co-founder Do Kwon is set to be extradited to the United States to face fraud charges related to massive losses suffered by U.S. investors due to its algorithmic stablecoin collapse.

    Retail FX

    Prop firm Instant Funding pauses US accounts, citing ThinkMarkets ban

    Proprietary trading firm Instant Funding has become the latest retail platform to halt onboarding new US clients, citing a recent decision by their partner broker, ThinkMarkets.

    Retail FX

    Funded Trader and Alpha Capital switch to cTrader, Lark Funding to DXTrade

    Proprietary trading firms Lark Funding and Alpha Capital have both announced changes to their operations that mainly affect their business with US clients.