Thunder claims funds now safe after $192K exploit, hacker says otherwise

Decentralized trading platform Thunder has confirmed 114 wallets had been compromised as part of an exploit, which has seen the hacker make off with an estimated 86.3 Ether (ETH) or $192,000 of funds.

In a Dec. 27 post to X (formerly Twitter), Thunder stated the exploit was the result of a third-party service being compromised. It assured users that funds were safe, no private keys were compromised, and that the attack had been halted within nine minutes. 

Thunder claimed that only 114 wallets had been compromised and assured users that refunds would be handled shortly. 

No one’s private keys are compromised.

Only 114 wallets out of over 14,000 were affected.

Funds are safe going forward. We stopped the attack in <9 minutes. https://t.co/BPzeAg4cz8

— Thunder (@ThunderTerminal) December 27, 2023

However, a memo left by the attacker on Etherscan has been saying otherwise, with the exploiter claiming that Thunder Terminal’s assurances were “all lies,” and demanded a 50 ETH ($110,000) ransom for the affected data. 

“We have all the user data. 50 ETH and we will delete the data,” wrote the hacker. 

Etherscan data shows that hackers’ wallet address sending a total of 86.3 ETH to the Railgun protocol, a service that allows users to anonymize their transactions. 

This is a developing story, and further information will be added as it becomes available.