Sonne Finance Paralyzed by $20 Million Crypto Hack

The Sonne Finance lending protocol had to pause operations following a hack that took $20 million worth of cryptocurrencies from the market.

By approximately 10:30 p.m. UTC on May 14, Web3 security firm Cyvers had picked up on an ongoing attack against the Sonne Finance USD Coin and Wrapped Ether (WETH) contracts.

However, at that instance, Sonne Finance first discovered the breach after 25 minutes and by that time, the hacker had taken off with WETH, VELO, soVELO, and Wrapped USDC all said to have been valued at $20 million. e.

On May 15th, 12:11 AM UTC, Sonne Finance tweeted from X: "All markets on Optimism have been paused." Shortly thereafter, the protocol engaged Cyvers to dig deeper into the matter.

Sonne is now trying all he can to recover the money stolen by negotiating a bug bounty with the hacker. In such a scenario, the hacker will return most of the money stolen and keep around 10% of the loot as a reward for the discovery of the security flaw.

But the hacker seems to be in no mood for any kind of negotiations. The exploiter has transferred $7.8 million of the loot to a new wallet address, says blockchain investigator PeckShield.

The exploiter then swapped 59 WBTC for approximately 1,185 ETH and 183,000 DAI. This makes it look like he might use this step to launder the stolen funds through a privacy protocol, Tornado Cash, to avoid traceability.

According to X community member PoorBabyCorn, a postmortem conducted by Sonne Finance found that the attack used was a donation attack on known-bug Sonne Compound v2 forks.

They blamed Sonne Finance for using Compound v2 when it was a known risk and said, "If this isn't a premeditated backdoor, what is?"

Parallelly, the flagship hedge fund of crypto institutional investor BlockTower Capital has reportedly been hacked and partly drained.

But the money was not recovered, and blockchain forensic investigators have been engaged by BlockTower to track the funds and figure out how the hack was carried out. The hacker has also not been apprehended, reported Bloomberg on May 15, citing people familiar with the matter.

Its partners have been advised of what happened. It appears that the company has assets under management totaling $1.7 billion.

BlockTower did not immediately respond to a request for comment from Cointelegraph. Last February, the multichain exchange aggregator Dexible was exploited for about $2 million, with BlockTower alone losing around $1.5 million in the exploit. Dexible added that the "few big whales" accounted for something like 85% of the stolen funds. The on-chain intelligence platform named the drained wallet of $1.5 million as having belonged to BlockTower.