Crypto hack: Ethereum, Solana DeFi trading platform Thunder exploited for $239,000
|- Thunder team confirmed the exploit on X, stating that 86 ETH and 439 SOL were lost in the attack.
- The hacker stated that they held user data regarding private keys and that they intended to delete it.
- The Thunder team stated no keys or wallets are stored by the protocol, hence making the threat irrelevant.
The team also assured affected users that their funds would be refunded and that they would be given 0% fees.
The crypto market witnessed another hack before the year ended as trading platform Thunder confirmed an exploit on December 27. The DeFi protocol running on Ethereum, Solana, and other chains has been threatened by the exploiter of potentially deleting users’ private keys’ data, although the team denied the possibility, reassuring the safety of assets.
Crypto trading protocol Thunder hacked
Crypto trading protocol Thunder took to X, formerly Twitter, to confirm a suspected exploit on December 27. The team addressed the suspicious withdrawals that began early in the morning and put a halt to the same in the next nine minutes.
The hacker still managed to steal 86.5 ETH and 439 SOL, collectively worth over $239,000. According to Thunder, the exploiter managed to gain access to a MongoDB connection URL, which they used to pull session tokens and execute withdrawals on behalf of users.
While the team behind the protocol stated that 114 out of the 14,000 wallets on the platform were affected, the exploiter noted that they held the user data concerning private keys and intended to delete them.
Thunder exploiter’s threat
This threat was discredited by the Thunder team, which stated,
“No private keys nor wallets were compromised…We do not store any private keys, so the attacker does not have access to any wallets. Desktop wallets were not affected. Less than 1% of wallets on our platform were affected as a result of this attack.
Furthermore, the team stated that they are already communicating with the Federal Bureau of Investigation (FBI) and are willing to negotiate with the exploiter, failure of which would lead to them taking legal action.
We have taken the following actions:
— Thunder (@ThunderTerminal) December 27, 2023
- Our legal team and the FBI have been contacted.
- We are now undergoing a full, technical audit.
- We are working on adding 2FA immediately for withdrawals.
- We are adding additional security regarding session issuing.
- We know which…
We have taken the following actions:
— Thunder (@ThunderTerminal) December 27, 2023
- Our legal team and the FBI have been contacted.
- We are now undergoing a full, technical audit.
- We are working on adding 2FA immediately for withdrawals.
- We are adding additional security regarding session issuing.
- We know which…
Lastly, users were reassured of the safety of their assets, and the ones affected were notified with the team claiming that the lost funds would be refunded in full and the users would be given 0% fees and $100,000 in credits.
The Thunder exploit could be the last exploit of 2023, which has already seen the theft of more than $2 billion worth of assets, with the largest attack witnessed by blockchain security consultancy firm Mixin Network, resulting in the loss of over $200 million worth of digital assets.
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers.