Thunder Terminal hacked for $190,000

The decentralized trading platform Thunder Terminal faced an exploit, through which the attacker withdrew 86.5 ETH (about $190,000 at the time of writing).

The incident drew the attention of an on-chain sleuth operating under the handle ZachXBT in his Telegram channel. According to him, the hacker перевел funds through the Railgun ecosystem.

Subsequently, Thunder’s representatives issued a statement noting that private keys were not affected.

No one’s private keys are compromised.

Only 114 wallets out of over 14,000 were affected.

Funds are safe going forward. We stopped the attack in <9 minutes. https://t.co/BPzeAg4cz8

— Thunder (@ThunderTerminal) December 27, 2023

“Only 114 wallets out of more than 14,000 were affected. Funds are safe. We stopped the attack in under nine minutes,” according to the platform’s post.

In a separate отчете, Thunder said the exploit occurred through withdrawal requests that the server considered authorized due to a session-token leak. The team also подтвердила losses of about 86.5 ETH and 439 SOL (roughly $47,800).

“All stolen funds will be returned in full, and affected users will be offered a 0% fee and $100,000 in lending,” the project team added.

Meanwhile, in an on-chain write-up назвал Thunder’s posts “absolute lies.” He warned that all user data are at his disposal.

Earlier on December 16, unknown attacked the NFT Trader P2P platform’s old smart contracts and drained non-fungible tokens worth $3 million.

Subsequently the Telcoin project lost $1.3 million due to the exploit, after which the TEL token’s price fell by 40%.