by BSCN
May 15, 2024
The attack, first detected by Web3 security firm Cyvers, saw the hacker exploit a two-day timelock to manipulate the platform and steal Wrapped Ether (WETH), Velo (VELO), soVELO, and Wrapped USDC (USDC.e).
Sonne Finance, a decentralized lending protocol, experienced a severe exploit on Wednesday morning in Asia, resulting in approximately $20 million in losses.
The attack is ongoing and much bigger, an additional $17 million has been stolen and the total value loss is more than $20 million. @SonneFinance please take immediate action. https://t.co/k39W09J8Bd
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) May 14, 2024
The attack was first detected by Web3 security firm Cyvers on May 14 at around 10:30 pm UTC. Despite the prompt detection, the hacker managed to steal $20 million in Wrapped Ether (WETH), Velo (VELO), soVELO, and Wrapped USDC (USDC.e) before Sonne Finance became aware of the situation 25 minutes later.
The attack occurred following Sonne Finance's addition of token markets for Velodrome Finance’s VELO, a decision made after a community proposal. The hacker exploited a two-day timelock to execute four transactions, which included creating markets and adding collateral factors.
The attacker executed transactions by donating large amounts of cryptocurrency to manipulate the exchange rate between two tokens. This manipulation tricked the platform into believing it had more collateral than was actually available.
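The sensitivity described above, as an added example (not code from Sonne Finance, Cyvers or the original article): a simplified share-based market in which the exchange rate is the underlying balance divided by receipt-token supply. The model, names and figures are assumptions constructed for illustration; it shows why a newly created market with almost no supply should not carry a non-zero collateral factor.

```python
from dataclasses import dataclass
from fractions import Fraction

@dataclass
class Market:
    """Assumed model: exchange rate = underlying held / receipt tokens issued."""
    name: str
    cash: int                    # underlying tokens held by the market
    shares: int                  # receipt tokens in circulation
    collateral_factor: Fraction  # share of value that can be borrowed against

    def exchange_rate(self) -> Fraction:
        # Underlying per receipt token; 1:1 while nothing has been minted.
        return Fraction(self.cash, self.shares) if self.shares else Fraction(1)

def rate_multiplier(m: Market, donation: int) -> Fraction:
    """Factor by which a direct transfer (no shares minted) moves the rate."""
    after = Market(m.name, m.cash + donation, m.shares, m.collateral_factor)
    return after.exchange_rate() / m.exchange_rate()

def unsafe_listings(markets, min_shares: int):
    """Flag markets usable as collateral while supply is still tiny."""
    return [m.name for m in markets
            if m.collateral_factor > 0 and m.shares < min_shares]

# Constructed sample data, not on-chain values.
FRESH = Market("NEW", cash=2, shares=2, collateral_factor=Fraction(35, 100))
SEEDED = Market("OLD", cash=10_000_000, shares=10_000_000,
                collateral_factor=Fraction(35, 100))
PENDING = Market("PENDING", cash=0, shares=0, collateral_factor=Fraction(0))

if __name__ == "__main__":
    for m in (FRESH, SEEDED):
        print(m.name, float(rate_multiplier(m, 1_000_000)))
    print(unsafe_listings([FRESH, SEEDED, PENDING], min_shares=1_000))
```

The same donation moves the seeded market's rate by a tenth and the near-empty market's rate by several orders of magnitude, which is why a listing procedure can keep the collateral factor at zero until supply has been seeded.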
Blockchain data reveals that the attacker managed to transfer millions of VELO, ether, and USDC following the manipulation. They later converted these assets into $8 million in bitcoin and ether, transferring the funds to a new wallet address in the early hours of the European trading session.
The hacker swapped 59 WBTC for approximately 1,185 ether and 183,000 DAI, indicating an intent to use a privacy protocol like Tornado Cash to obscure the trail of the stolen funds. This strategic move highlights the sophisticated techniques employed by the attacker to avoid detection and traceability.
The hack had a significant impact on the market, causing the price of SONNE to plummet by 60% to 2.8 cents, its lowest level in over a year. This decline cut the market cap to $2.2 million, even after the developers managed to stop $6.5 million from being siphoned off once they became aware of the attack.
In response to the breach, Sonne Finance paused all markets on the Optimism network and announced the pause on X (formerly Twitter). This quick action aimed to prevent further losses. Sonne Finance then partnered with Cyvers to investigate the incident.
All markets on Optimism have been paused. Markets on Base are safe. We'll provide more information with time.
— Sonne Finance (@SonneFinance) May 15, 2024
Sonne Finance is currently exploring all options to retrieve the stolen funds. One approach under consideration is negotiating a bug bounty with the hacker. In such scenarios, the hacker might return most of the stolen funds and keep roughly 10% as a reward for identifying a security flaw.
The team has indicated that, while they cannot recover the stolen funds immediately, the investigation into the hacker’s identity is ongoing.
This is not the first time Sonne Finance has faced security challenges. In February 2023, the protocol lost $1.55 million of TrueFi tokens in an exploit. Such recurring issues highlight the persistent vulnerabilities within DeFi protocols and the need for continuous improvement in security practices.