News
Sonne Finance Suffers $20 Million Exploit, Hacker Escapes
Last updated: May 15, 2024 at 7:30 a.m. EDT | 3 minutes of reading
Lending protocol Sonne Finance has halted operations after a hack drained $20 million worth of cryptocurrencies, including WETH and USDC.
On May 14, around 10:30 p.m. UTC, Web3 security firm Cyvers detected an attack in progress against Sonne Finance’s USD and Wrapped Ether (WETH) contracts, when it had only stolen $3 in cryptocurrency.
🚨ALERT📷We have detected an attack on @SonneFinance$3 million was stolen from their USDC and WETH contracts.
Please contact us for more information. pic.twitter.com/tA4Heigfj7
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) May 14, 2024
However, Sonne Finance only became aware of the problem 25 minutes later. At that point, they had already exhausted $20 million worth of WETH, Velo (VELO), soVELO, and Wrapped USDC (USDC.e).
On May 15 at 00:11 UTC, Sonne Finance made a vague announcement on X. They stated: “All optimism markets have been suspended” and that “basis markets are safe.” They also told users that more information would be provided “over time.”
All markets on Optimism have been suspended.
The markets on base are safe.
We will provide more information over time.
– Sonne Finance (@SonneFinance) May 15, 2024
Shortly after, the protocol in partnership with Cyvers to explore the situation further.
How Sonne Finance was exploited
3 hours after their initial announcement, Sonne explained the situation in more detail in a Press release.
Sonne Finance’s Optimisme channel was exploited via a known donation attack on Compound v2 forks.
Previously, measures were in place to combat the problem with 0% guarantee factors, adding guarantees and burning them, before gradually increasing guarantee factors based on proposals.
However, a recent proposal was approved to integrate VELO markets into Sonne. Transactions were scheduled on a multi-signature wallet with a 2 day timelock.
The exploit occurred at the end of the time frame, allowing the hacker to execute trades for market creation and add collateral factors.
After executing the markets undetected, the attacker was able to mine the protocol for $20 million. However, the remaining $6.5 million was saved by adding $100 worth of VELO to the markets.
Sonne Finance is working to recover the stolen funds, considering a bug bounty for their return. Typically, a 10% reward would be given to an exploiter for discovering a security vulnerability. They said:
“We are prepared to grant bonuses to exploiters and not commit to pursuing the case in the event of restitution of funds. »
However, it seems unlikely that the hacker will comply. According to blockchain investigator PeckShield, the exploiter has already transferred $7.8 million to a new wallet address.
#PeckShieldAlert @SonneFinance The address tagged by the exploiter transferred $7.8 million worth of crypto, including $100 $WBTC & 556.1 $ETHto a new address 0x6277…4c07 #Optimism pic.twitter.com/g4oiP5akr4
– PeckShieldAlert (@PeckShieldAlert) May 15, 2024
The exploiter then exchanged 59 WBTC for approximately 1,185 Ether and 183,000 Dai. This move suggests an intention to launder stolen funds through a privacy protocol such as Tornado Cash.
Tornado Cash in Crypto Crime
Tornado Cash is an open source cryptocurrency tumbler, also known as a “cryptocurrency mixer”. This tool obfuscates the path of crypto transactions, making it extremely difficult to determine the original source of funds.
Although created as a privacy tool, hackers often use these mixing services to launder stolen funds through decentralized exchanges.
Crypto mixers have seen significant adoption in recent years. In October 2023 on $77 million in assets processed through Tornado Cash contracts.
However, the majority of these adoptions involve illicit assets. Over the years, hackers have favored crypto-mixing services over centralized exchanges because once identified, addresses are blocked by the exchanges.
Tornado Cash circumvents this, in order to legitimize its source of funds by removing connections to a hacked wallet or illicit crypto activity.
Recently, UN sanctions monitors noted that North Korea involved in laundering $147.5 million in stolen cryptocurrency using Tornado Cash.
Nearly all major multimillion-dollar crypto hacks have used Tornado Cash to launder profits, according to Arkham Intelligence. report.
Something that prompted the US Treasury to impose sanctions on Tornado Cash in August 2022. As a result, its founders were accused of money laundering and sanctions violations one year later.
Although opinions within the crypto community vary regarding the adoption of privacy tools, there is consensus against the adoption of privacy tools. persecution of developers only to create an application.
Although crypto-related frauds and scams are on the declineit is important that users are informed how to protect yourself from crypto crime.