Seems like the terminal client has a hard coded key. Is the client using that to check that against the one sent from the coordinator? No match, no mix? http://ashicodepbnpvslzsl2bz7l2pwrjvajgumgac423pp3y2deprbnzz7id.onion/Ashigaru/Ashigaru-Terminal/src/branch/main/darkjar/src/main/resources/cipher/mainnet

Yes they have hardcoded a key in terminal. This introduces another vulnerability. I will add the details in the bitcointalk post.