A hacker who exploited a vulnerability in the Thunder Terminal protocol has demanded a ransom of 100 ETH (around $192,000) to return the stolen funds. The hacker claims that they acted in good faith and only wanted to expose the security flaw in the protocol. However, the Thunder Terminal team has denied any negotiation with the hacker and said that they have secured the protocol and the remaining funds.
What is Thunder Terminal?
Thunder Terminal is a decentralized protocol that allows users to access multiple blockchains through a single interface. The protocol aims to provide a seamless and user-friendly experience for cross-chain transactions, liquidity mining, and yield farming. Thunder Terminal supports Ethereum, Binance Smart Chain, Polygon, Avalanche, Fantom, and Arbitrum networks.
How did the hacker exploit the protocol?
According to a post-mortem report by the Thunder Terminal team, the hacker exploited a logic error in the protocol’s smart contract that allowed them to mint unlimited Thunder Tokens (TTN), the native token of the protocol. The hacker then used the minted TTN to swap for other tokens on the protocol’s DEX and withdrew them to their own wallet.
The hacker managed to steal around 100 ETH worth of tokens from the protocol before the team noticed the anomaly and paused the smart contract. The team said that they have fixed the bug and deployed a new smart contract. They also said that they have contacted the exchanges where the hacker transferred the tokens and asked them to freeze the hacker’s accounts.
What did the hacker say?
The hacker, who goes by the alias of “ThunderHacker”, posted a message on the protocol’s Discord channel, claiming that they did not intend to harm the protocol or its users. The hacker said that they only wanted to demonstrate the vulnerability in the protocol and prove their skills. The hacker also said that they are willing to return the stolen funds if the Thunder Terminal team pays them a ransom of 100 ETH.
The hacker said that they have the private keys of the wallets where they transferred the tokens and that they can prove their identity by signing a message. The hacker also warned the team that if they do not pay the ransom within 24 hours, they will dump the tokens on the market and cause a price crash.
What did the Thunder Terminal team say?
The Thunder Terminal team responded to the hacker’s message by saying that they have no intention of paying the ransom and that they consider the hacker’s actions as malicious and criminal. The team said that they have reported the incident to the authorities and that they will pursue legal action against the hacker.
The team also said that they have secured the protocol and the remaining funds and that they will compensate the affected users. The team said that they will distribute new TTN tokens to the users who had staked or provided liquidity to the protocol before the exploit. The team also said that they will launch a new version of the protocol with enhanced security features and audits.
What is the impact of the exploit?
The exploit has caused a significant drop in the price of TTN, which fell from $0.12 to $0.02 in a matter of hours. The exploit has also damaged the reputation and trust of the protocol, which had launched its mainnet only a week ago. The protocol had attracted over $10 million in total value locked (TVL) before the exploit.
The exploit has also raised questions about the security and reliability of cross-chain protocols, which have become increasingly popular in the crypto space. Cross-chain protocols aim to bridge the gap between different blockchains and enable interoperability and scalability. However, they also face complex technical challenges and potential vulnerabilities that could expose them to attacks.