$20M Hack Forces Sonne Finance to Halt Operations
Crypto News– Lending protocol Sonne Finance was forced to pause operations after suffering a hack that drained $20 million worth of cryptocurrencies from the market.
Attack Detected by Cyvers
On May 14, around 10:30 pm UTC, Web3 security firm Cyvers detected an ongoing attack on Sonne Finance’s USD Coin (USDC) and Wrapped Ether (WETH) contracts.
Funds Stolen Before Response
However, when Sonne Finance became aware of the situation 25 minutes later, the hacker had already stolen $20 million in WETH, Velo (VELO), soVELO, and Wrapped USDC (USDC.e). On May 15 at 12:11 am UTC, Sonne Finance announced on X that All markets on Optimism have been paused. Soon after, the protocol partnered with Cyvers to investigate the situation further.
Efforts to Retrieve Stolen Funds
Sonne is currently exploring all options to retrieve the stolen funds, including negotiating a bug bounty for the hacker. In such situations, the hacker returns most of the stolen funds and keeps roughly 10% of the loot as a reward for finding a security flaw.
Hacker Unwilling to Negotiate
However, the hacker seems to be in no mood for negotiations. According to blockchain investigator PeckShield, the exploiter has already moved a large chunk of the loot ($7.8 million) to a new wallet address. The exploiter then swapped 59 WBTC for roughly 1,185 Ether (ETH) and 183,000 Dai (DAI). The move suggests an intent to siphon the stolen funds through a privacy protocol like Tornado Cash to deter traceability. Sonne Finance’s post-mortem found that a donation attack was conducted on Sonne’s Compound v2 forks, which had a known bug, according to X community member PoorBabyCorn.
Accusations of Negligence
They accused Sonne Finance of using Compound v2 despite knowing the risks and asked, If this isn’t a premeditated backdoor, what is?
Parallel Incident with BlockTower Capital
In parallel, the main hedge fund of crypto institutional investment firm BlockTower Capital has reportedly been exploited and partially drained.
Ongoing Investigation and Response
The funds have not been recovered, and BlockTower has employed blockchain forensic analysts to trace the funds and determine how they were breached. The exploiter has also not been arrested, Bloomberg reported on May 15, citing people familiar with the matter. Its partners have been informed about the incident. It reportedly has $1.7 billion in assets under management.
BlockTower did not immediately respond to Cointelegraph’s request for comment.
Previous Exploit in February 2023
In February 2023, BlockTower seemingly lost around $1.5 million in the $2 million exploit of the multichain exchange aggregator Dexible.
FAQs
How did Sonne Finance respond to the hack?
Upon learning of the hack 25 minutes after detection, Sonne Finance paused all markets on Optimism and partnered with Cyvers to investigate the situation further.
What happened to Sonne Finance?
Sonne Finance was forced to halt operations after a hack resulted in the theft of $20 million worth of cryptocurrencies.
How much was stolen in the hack?
The hacker stole $20 million in various cryptocurrencies, including Wrapped Ether (WETH), Velo (VELO), soVELO, and Wrapped USD Coin (USDC.e).
For the latest in crypto updates, keep tabs on Crypto Data Space.
Leave a comment