Thunder Terminal Bounces Back Stronger After The Security Challenge
Thunder Terminal’s Major Security Breach and Ongoing Recovery
In a shocking turn of events, Thunder Terminal, a prominent on-chain trading protocol operating on Ethereum, Solana, Arbitrum, Base, and Avalanche, recently found itself amid a significant security breach. While the breach caused substantial concern, Thunder Terminal has taken robust steps to address the issue and restore user confidence.
Recovery Efforts and Enhanced Security
No one's private keys are compromised.
Only 114 wallets out of over 14,000 were affected.
Following the breach, Thunder Terminal acted swiftly to rectify the situation. They engaged the FBI to investigate the incident, demonstrating their commitment to resolving it thoroughly and professionally. In an update, Thunder Terminal announced that its platform would be live and trading would resume on December 28th, reassuring users that their assets would be safeguarded with enhanced security measures.
The Thunder Terminal team has been hard at work implementing crucial security enhancements:
Comprehensive Wallet Security: Thunder Terminal has reworked its wallet security from the ground up to ensure maximum protection.
Mandatory 2FA: The platform now mandates two-factor authentication (2FA) for withdrawals, transfers, and device verification, adding an extra layer of security.
Bug Bounty Program: Thunder Terminal has launched a bug bounty program to encourage proactive security, inviting ethical hackers to help identify and fix vulnerabilities.
Third-party Technical Audit: Thunder Terminal is expediting its third-party technical audit to ensure security and transparency.
Deep Clean: The platform underwent an extensive deep clean of its security measures and internal architecture, signifying a comprehensive effort to fortify its defences.
Thunder Terminal has committed to its users by offering compensation for the losses incurred during the breach. The affected users have received full refunds for their losses, amounting to 86.5611512804 ETH and 439.12232317 SOL, valued at approximately $250,000 at the time of the breach. Moreover, these users have been granted a lifetime exemption from fees and a generous credit of $100,000 each.
The platform has issued over $10 million worth of credits to support affected users. Remarkably, most of Thunder Terminal’s users, exceeding 99%, were unaffected by this exploit, ensuring the vast user base remains secure.
Thunder Terminal has introduced a points boost and 0% fee trading for several days to make amends for the downtime. Additionally, all paying users have been granted an extension on their subscriptions.
The Exploit Unveiled
Incident Report
At 12:11:47 AM UTC, suspicious withdrawals started getting sent through Thunder wallets.
A malicious actor got access to a MongoDB connection URL which they used to pull session tokens and execute withdrawals on behalf of users.
The security breach came to light around midnight when Thunder Terminal noticed unauthorised withdrawals from user wallets. According to the incident report, an attacker gained access to a URL, allowing them to take over users’ sessions and initiate withdrawals as if they were legitimate users.
Fortunately, the breach lasted only a few minutes before Thunder Terminal swiftly revoked all session tokens and transaction signing access, mitigating the damage. Significantly, no private keys or wallets were compromised, and the desktop application remained unaffected. Thunder Terminal reported that less than 1% of wallets on the platform were affected.
Legal and Technical Actions in Progress
internal update: – FBI involved already – site will be back online later today – additional security measures will be put into place before it goes online – refunds will be issued soon – deep clean still underway
Thunder Terminal has reported the breach to the FBI and is actively pursuing a technical audit to investigate the incident further. The platform implements two-factor authentication (2FA) for withdrawals to fortify security. They are also taking legal action against the attacker responsible for this breach.
Importantly, Thunder Terminal has confirmed that none of its team members’ accounts were compromised and that the breach was not the result of internal errors, providing reassurance to users and investors.
Crypto Security in 2023
The Thunder Terminal breach is a sobering reminder of the cryptocurrency industry’s persistent threats. In 2023, the decentralised finance (DeFi) sector reported losses of approximately $1.95 billion, with Ethereum emerging as the most vulnerable chain, accounting for losses of around $1.35 billion through 170 breaches.
Notably, 2023 also witnessed a remarkable decrease of over 50% in hack volumes within the crypto industry, according to TRM Labs. This decline is attributed to improved security measures, increased law enforcement actions, and enhanced collaboration within the industry. Consequently, this marks the first instance of a reduction in stolen amounts since 2020, as reported by De.FI, a Web3 security firm, revealed that approximately $2 billion in crypto was stolen by hackers throughout the year.
As Thunder Terminal navigates the aftermath of its security breach, it is a testament to the industry’s resilience and determination to protect user assets and uphold security standards. The crypto space continues to evolve, with security and transparency at the forefront of its priorities.
