Lending protocol Sonne Finance was forced to suspend operations after a hack took $20 million worth of cryptocurrency off the market.
May 14, around 10:30 PM (UTC) Web3 security company Cybers detected Ongoing attacks on Sonne Finance’s USD Coin (USDC) and Wrapped Ether (WETH) contracts.
However, by the time Sonne Finance became aware of the situation 25 minutes later, hackers had already stolen $20 million from WETH, Velo (VELO), soVELO and Wrapped USDC (USDC.e).
At 12:11 AM UTC on May 15, Sonne Finance announced on X that “all markets on Optimism have been paused.” Soon after, the protocol alliance We investigate the situation further with Cybers.
Sonne is currently exploring all options to recover the stolen funds, including negotiating bug bounties for the hackers. In these situations, hackers return most of the stolen funds and take about 10% of the loot in return for discovering the security flaw.
But the hacker doesn’t seem to be in any mood to negotiate. According to blockchain researcher PeckShield, the attackers have already moved a significant portion of the loot ($7.8 million) to new wallet addresses.
The attacker then exchanged 59 WBTC for approximately 1,185 Ether (ETH) and 183,000 Dai (DAI). This move suggests an intention to funnel stolen funds through privacy protocols such as Tornado Cash to prevent traceability.
Sonne Finance’s post-mortem investigation found that the donation attack was performed on Sonne’s Compound v2 fork, which has a known bug. according to X To community member PoorBabyCorn.
They accused Sonne Finance of using Compound v2 despite knowing the risks and asked, “If this isn’t a planned backdoor, what is?”
At the same time, cryptocurrency institutional investment firm BlockTower Capital’s main hedge fund was reportedly exploited and partially breached.
The funds were not recovered, and BlockTower hired a blockchain forensics analyst to trace the funds and determine how they were compromised. On May 15, Bloomberg News, citing sources familiar with the matter, reported that the exploiters had also not been arrested.
Related: $53 million worth of stolen Poloniex Ether failed to return to exchanges.
The partner was informed about the incident. Assets under management are reportedly worth $1.7 billion.
BlockTower did not immediately respond to Cointelegraph’s request for comment.
In February 2023, BlockTower appears to have lost approximately $1.5 million due to a $2 million exploit by multichain exchange aggregator Dexible.
Dexible said about 85% of the stolen funds came from “a small number of large whales.” Arkham Intelligence, an on-chain intelligence platform, listed the wallet with the $1.5 million leak as belonging to BlockTower.
magazine: ‘AI in each other’ to prevent AI apocalypse: Science fiction writer David Brin