Posted: December 27, 2023 3:38 AM Updated: December 27, 2023 3:38 AM
Correction and fact check date: December 27, 2023, 3:38 AM
briefly
Thunder Terminal suffered a cyberattack in which hackers stole 86.5 ETH ($47,800), affecting 114 user wallets.
On-chain trading platform Thunder Terminal As reported by on-chain sleuth ZachXBT, 86.5 ETH, or $192,000, was transferred to Railgun today in the face of an exploit.
At 12:11:47 AM (UTC), suspicious withdrawals began to be sent from the Thunder Terminal wallet. Malicious actors were able to gain unauthorized access to MongoDB connection URLs, extract session tokens, and perform withdrawals on behalf of users.
By 12:20:35 AM (UTC), the last malicious withdrawal had occurred, causing Thunder Terminal to revoke all session tokens and limit access to transaction signatures as a security measure.
Thunder Terminal successfully stopped the attack within 9 minutes. Only 114 wallets out of over 14,000 were affected. Afterwards, the trading platform clarified that the private keys were not compromised, guaranteed the safety of the funds, and promised that refunds would be processed shortly.
The company said a leaked session token led to the exploit via withdrawal requests that were deemed authorized by the server. Confirmed losses amounted to approximately 86.5 ETH/439 SOL or $47,800.
Cybercriminals take advantage of the holiday season.
Throughout the year, hackers have carried out cyberattacks and thefts to illegally obtain billions of dollars in cryptocurrency. According to TRM Labs, a blockchain information company, the cumulative amount of cryptocurrency stolen by hackers reached approximately $1.7 billion as of December.
This week saw a series of cyberattacks across the digital landscape, with malicious actors taking advantage of the holiday season.
Recently, Telcoin, a decentralized finance platform, suffered a vulnerability attack, resulting in a loss of approximately $1.3 million. At the same time, the platform’s native token, TEL, experienced a significant drop of 43.25% in 24 hours.
Even as the year ends, cyber threats, including recent holiday season attacks such as the Thunder Terminal and Telecoin incidents, continue, suggesting the continued need for measures to strengthen digital security.
disclaimer
In accordance with the Trust Project Guidelines, the information provided on these pages is not intended and should not be construed as legal, tax, investment, financial or any other form of advice. It is important to invest only what you can afford to lose and, when in doubt, seek independent financial advice. We recommend that you refer to the Terms of Use and help and support pages provided by the publisher or advertiser for more information. Although MetaversePost is committed to accurate and unbiased reporting, market conditions may change without notice.
About the author
Alisa is a reporter for Metaverse Post. She focuses on everything related to investing, AI, metaverse, and Web3. Alisa holds a degree in Art Business and her expertise lies in the fields of art and technology. She developed a passion for journalism through writing about VCs, notable cryptocurrency projects, and participating in science writing.
more articles
alice davidson
Alisa is a reporter for Metaverse Post. She focuses on everything related to investing, AI, metaverse, and Web3. Alisa holds a degree in Art Business and her expertise lies in the fields of art and technology. She developed a passion for journalism through writing about VCs, notable cryptocurrency projects, and participating in science writing.
more articles