Thunder Terminal Secures User Funds After Foiling Exploit, Hacker Demands Ransom for Data

The on-chain trading platform Thunder Terminal recently experienced a significant security breach, which put user funds at risk. However, the platform promptly responded to the exploit, reassuring users that their private keys and wallets had not been compromised. Despite this, the hacker disputes these claims and has demanded an additional ransom for user data. In this article, we will delve into the incident, examining Thunder Terminal’s response, the hacker’s assertions, the breach of Thunder’s data, the refund plan, the hacker’s activities, and providing an overview of Thunder Terminal’s features and functionality.

Incident Report: User Funds Secured

In the aftermath of the exploit, Thunder Terminal has released an incident report, assuring users that their private keys and wallets have not been compromised. The platform reiterates that only 114 out of 14,000 wallets were affected. Thunder Terminal further guarantees that all affected users will be fully refunded, in addition to receiving 0% fees and $100,000 in platform credits as a gesture of goodwill.

Hacker’s Claims and Ransom Demand

Despite Thunder Terminal’s assurances, the hacker vehemently claims that the platform’s statements are false. The attacker issued a demand for a 50 ETH ($110,000) ransom for the allegedly affected user data. The attacker left a memo on Etherscan, asserting that Thunder Terminal’s assurances were nothing but lies.

Exploitation of MongoDB and Breach of Thunder’s Data

The incident report revealed that the exploitation of the MongoDB company eight days prior resulted in the breach of Thunder Terminal’s data. This breach exposed vulnerabilities in Thunder Terminal’s security protocols and allowed unauthorized access to user information. The extent of the compromised data remains uncertain.

Thunder’s Response and Refund Plan

While Thunder Terminal did not explicitly address the hacker’s ransom demand, it stated that the platform does not have access to users’ private keys, eliminating the possibility of the attacker gaining access to them. To ensure heightened security, Thunder Terminal pledged to implement extra measures. The platform also expressed a willingness to negotiate with the hacker in hopes of recovering the stolen funds.

Hacker’s Activities and Use of Stolen Funds

Etherscan data shed light on the hacker’s actions, revealing that the attacker’s wallet address sent a total of 86.3 ETH to the Railgun protocol, which enables users to anonymize their transactions. This move aims to obfuscate the origin of the stolen funds, making it challenging to trace their final destination.

Thunder Terminal’s Features and Functionality

Thunder Terminal is an innovative trading platform designed for seamless trading across various blockchain networks such as Ethereum, Solana, Avalanche, and Arbitrum. It provides users with efficient and quick trade execution, supporting their investment strategies across multiple networks. The platform’s compatibility with these networks allows users to explore diverse investment opportunities and capitalize on market movements.

The security breach experienced by Thunder Terminal underlines the persistent threat faced by cryptocurrency platforms. However, Thunder Terminal’s prompt and transparent response demonstrates its commitment to safeguarding user funds. The platform has taken immediate steps to enhance security and is actively engaging with the hacker in a bid to retrieve the stolen funds. Moving forward, Thunder Terminal emphasizes its determination to protect user assets and strengthen its security infrastructure, pledging to implement further measures to ensure the safety and trust of its users.

Explore more

Wobcom Expands Data Center in Wolfsburg to Meet Demand

In an era where digital connectivity forms the backbone of both business and personal life, the escalating demand for robust data infrastructure has become a pressing challenge for many regions. Across Germany, companies are racing to bolster their capabilities to support everything from cloud computing to high-speed internet access. Amid this surge, a notable development has emerged in Wolfsburg, where

kkRAT: Sophisticated Trojan Targets Chinese Users’ Crypto

In an era where digital transactions are increasingly central to daily life, the emergence of highly advanced malware poses a severe threat to unsuspecting users, particularly those engaged in cryptocurrency activities. Cybersecurity researchers have recently uncovered a formidable Remote Access Trojan (RAT) named kkRAT, which specifically targets Chinese-speaking individuals. Distributed through deceptive phishing sites hosted on popular platforms, this malware

How Does ANY.RUN Sandbox Slash Security Response Times?

Purpose of This Guide This guide aims to help Security Operations Center (SOC) teams and cybersecurity professionals significantly reduce incident response times and enhance threat detection capabilities by leveraging ANY.RUN’s Interactive Sandbox. By following the detailed steps and insights provided, readers will learn how to integrate this powerful tool into their workflows to achieve faster investigations, lower Mean Time to

Trend Analysis: Browser Security Innovations

In an age where cyber threats loom larger than ever, imagine opening a browser to check the latest news, only to unknowingly expose sensitive data to a hidden exploit. With billions of users relying on browsers daily for work, communication, and entertainment, the stakes for security have never been higher. Browser security stands as a critical frontline defense against escalating

How Dangerous Is the Adobe Commerce SessionReaper Flaw?

Introduction Imagine running an e-commerce platform that processes thousands of transactions daily, only to discover a hidden vulnerability that could allow attackers to take over customer accounts with ease. This scenario is not just a hypothetical concern but a stark reality with the emergence of a critical security flaw in Adobe Commerce and Magento Open Source, known as SessionReaper (CVE-2025-54236).