
Thunder Terminal

avoid.net/thunder-terminal · 38/100 · 100% conf.
anchored·5mGHN4…rai4

Summary

Thunder Terminal is a Solana-based on-chain trading terminal that suffered a $240,000 exploit on December 27, 2023, when an attacker leveraged compromised MongoDB credentials to steal session tokens and drain 86.5 ETH and 439 SOL from 114 user wallets in under nine minutes. The attacker subsequently routed the stolen ETH through the Railgun privacy protocol and demanded a 50 ETH ransom for deletion of alleged user data, directly contradicting Thunder Terminal's public claim that no user data or private keys were compromised. Thunder Terminal pledged full reimbursement of stolen funds, engaged the FBI, and implemented additional security controls, though completion of the reimbursements has not been publicly verified.

Connected Entities

1 entity
Organizations
Thunder Terminal
Relationships

    Timeline (7 events)

    2023-12-19

    MongoDB discloses a breach of its own systems approximately eight days before the Thunder Terminal attack, which allegedly exposed Thunder Terminal's database connection credentials.

    CoinSpeaker, The Crypto Times

    2023-12-27

    Thunder Terminal exploit begins at 12:11:47 AM UTC. Attacker uses a stolen MongoDB connection URL to extract session tokens and execute unauthorized withdrawals from 114 wallets, draining 86.5 ETH and 439 SOL (~$240,000 total).

    The Crypto Times, CoinSpeaker, Crypto.news

    2023-12-27

    Attack concludes at 12:20:35 AM UTC — nine minutes after it began. Thunder Terminal detects the activity and revokes all session tokens and transaction signing capabilities to halt further withdrawals.

    CoinSpeaker, Crypto.news

    2023-12-27

    ZachXBT flags the suspicious activity on his Telegram channel and traces approximately 86.3–86.5 ETH being routed to the Railgun privacy protocol. The Block reports ZachXBT's findings.

    The Block

    2023-12-27

    Thunder Terminal issues a public incident report, stating no private keys or user wallets were compromised, and pledging full reimbursement of stolen funds plus 0% fees and $100,000 in platform credits for affected users.

    CoinTelegraph, CryptoPotato

    2023-12-27

    The attacker sends an on-chain message via Etherscan demanding 50 ETH (~$110,000) ransom for deletion of alleged stolen user data, calling Thunder Terminal's public statements 'all lies.'

    CoinTelegraph, Milk Road

    2023-12-27

    Thunder Terminal contacts the FBI and its legal team. Representative 'Jackson' confirms the FBI's active involvement. The platform implements 2FA for withdrawals and initiates a full security audit.

    CryptoPotato, BankInfoSecurity
    Provenance & Audit Trail

    Decision Log

    This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

    model: claude-sonnet

    generated: 5/4/2026, 4:05:04 PM

    last updated: 5/26/2026, 4:11:16 AM

    avoid.net — verified advice for a post-truth world