Sonne Finance, a lending protocol, was forced to halt its operations after falling victim to a hack that resulted in the theft of $20 million worth of cryptocurrencies from the market.
On May 14, at approximately 10:30 pm UTC, Cyvers, a Web3 security firm, detected an ongoing attack on Sonne Finance’s contracts for USD Coin (USDC) and Wrapped Ether (WETH). However, by the time Sonne Finance became aware of the situation 25 minutes later, the hacker had already stolen $20 million in WETH, Velo (VELO), soVELO, and Wrapped USDC (USDC.e).
Sonne Finance announced on X at 12:11 am UTC on May 15 that “All markets on Optimism have been paused.” Shortly after, the protocol partnered with Cyvers to conduct further investigations.
Currently, Sonne Finance is exploring various options to recover the stolen funds, including the possibility of negotiating a bug bounty for the hacker. In such cases, the hacker typically returns most of the stolen funds while keeping around 10% as a reward for identifying a security vulnerability.
However, it appears that the hacker is not interested in negotiations. According to blockchain investigator PeckShield, the exploiter has already transferred a significant portion ($7.8 million) of the stolen funds to a new wallet address.
The exploiter then exchanged 59 WBTC for approximately 1,185 Ether (ETH) and 183,000 Dai (DAI), indicating an intention to launder the stolen funds through a privacy protocol like Tornado Cash to avoid detection.
Sonne Finance’s post-mortem analysis revealed that a donation attack was carried out on Sonne’s Compound v2 forks, which had a known bug. PoorBabyCorn, a member of the X community, accused Sonne Finance of using Compound v2 despite being aware of the risks and questioned whether this was a deliberate backdoor.
Meanwhile, it has been reported that the main hedge fund of crypto institutional investment firm BlockTower Capital has also been exploited and partially drained. The funds have not been recovered, and BlockTower has enlisted the help of blockchain forensic analysts to trace the funds and determine the method of breach. As of May 15, the exploiter has not been arrested, according to Bloomberg’s sources.
BlockTower, which reportedly manages $1.7 billion in assets, has informed its partners about the incident.
In February 2023, BlockTower experienced a loss of approximately $1.5 million in the $2 million exploit of the multichain exchange aggregator Dexible. Dexible stated that around 85% of the stolen funds belonged to “a few big whales.” Arkham Intelligence, an on-chain intelligence platform, identified a wallet drained of $1.5 million as belonging to BlockTower.