Thunder Terminal Thwarts $240K Attack, Hacker Demands Ransom

Thunder Terminal finds itself in a pickle as a bad actor disputes its incident report on a $240K attack.

Hacker in the thunder clouds wirh lots of power.
Created by Kornelija Poderskytė from DailyCoin
  • Thunder Terminal has been exploited for thousands of dollars.
  • The platform claimed to have thwarted the attack.
  • The attacker’s counterclaims and ultimatum suggested otherwise.

On-chain trading platform Thunder Terminal claims to have thwarted a recent exploit that compromised some of its user wallets and led to a loss of thousands of dollars. Yet, the hacker still demanded a ransom payment.


On December 27, Thunder Terminal issued an alert on X (Twitter), confirming that it had been exploited via a compromised third-party service, which later turned out to be a MongoDB connection URL.  

Thunder Terminal Stops the Attack in “Nine Minutes,” Reassures Users of Safety

In a follow-up update, the platform stated that it had stopped the attack in less than nine minutes and reiterated that user funds were safe going forward.

Two hours after the attack, Thunder Terminal sought to reassure its users of the platform’s safety in a detailed incident report, clarifying that no private keys nor wallets had been compromised following the hack.

“We do not store any private keys, so the attacker does not have access to any wallets. Desktop wallets were not affected. Less than 1% of wallets on our platform were affected as a result of this attack,” the report read.

Confirming that 86.5611512804 ETH and 439.12232317 SOL (about $240,0000) had been lost in the attack, the platform promised the affected users full refunds on top of 0% fees and $100k in credits each.

But despite the reassurance, Thunder Terminal users were confused when the attacker issued counterclaims to the incident report and claimed access to user data.

Attacker’s Ultimatum and Counterclaims

The attacker left a message on Etherscan disputing Thunder Terminal’s reassurances as “all lies” and demanding 50 ETH ransom to delete “all the user data.”


While Thunder Terminal has yet to respond to the attacker’s demands, blockchain detective ZachXBT revealed that the bad actor transferred 86.5 ETH (approximately $192,500) to Railgun. This privacy-centric protocol allows users to swap crypto and make private transactions anonymously.

Read how the Telcoin App was recently exploited:
Telcoin App Suffers $1.3M Exploit, TEL Token Plunges 48%

Stay updated on the top 2023 crypto hacks:
Biggest Crypto Hacks of 2023 Resulted in Over 70% of Losses

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Brian Danga

Brian Danga, a Kenyan crypto reporter, is dedicated to delivering breaking news and updates from the cryptocurrency world. With a background as a Web3 writer and project manager, he recognizes the importance of unbiased reporting. Holding an LLB degree from the University of Nairobi, Brian's analytical skills contribute to his accurate news reporting. His personal interests include cooking, watching documentaries, reading, and engaging in intellectual discussions.