OP
by BSCN
May 15, 2024
The attack, first detected by Web3 security firm Cyvers, saw the hacker exploit a two-day timelock to manipulate the platform and steal Wrapped Ether (WETH), Velo (VELO), soVELO, and Wrapped USDC (USDC.e).
Sonne Finance, a decentralized lending protocol, experienced a severe exploit on Wednesday morning in Asia, resulting in approximately $20 million in losses.
The attack is ongoing and much bigger, an additional $17 million has been stolen and the total value loss is more than $20 million. @SonneFinance please take immediate action. https://t.co/k39W09J8Bd
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) May 14, 2024
The attack was first detected by Web3 security firm Cyvers on May 14 at around 10:30 pm UTC. Despite the prompt detection, the hacker managed to steal $20 million in Wrapped Ether (WETH), Velo (VELO), soVELO, and Wrapped USDC (USDC.e) before Sonne Finance became aware of the situation 25 minutes later.
The attack occurred following Sonne Finance's addition of token markets for Velodrome Finance’s VELO, a decision made after a community proposal. The hacker exploited a two-day timelock to execute four transactions, which included creating markets and adding collateral factors.
The attacker executed transactions by donating large amounts of cryptocurrency to manipulate the exchange rate between two tokens. This manipulation tricked the platform into believing it had more collateral than was actually available.
Blockchain data reveals that the attacker managed to transfer millions of VELO, ether, and USDC following the manipulation. They later converted these assets into $8 million in bitcoin and ether, transferring the funds to a new wallet address in the early hours of the European trading session.
The hacker swapped 59 WBTC for approximately 1,185 ether and 183,000 DAI, indicating an intent to use a privacy protocol like Tornado Cash to obscure the trail of the stolen funds. This strategic move highlights the sophisticated techniques employed by the attacker to avoid detection and traceability.
The hack had a significant impact on the market, causing the price of SONNE to plummet by 60% to 2.8 cents, its lowest level in over a year. This decline cut the market cap to $2.2 million, even after the developers managed to stop $6.5 million from being siphoned off once they became aware of the attack.
Sonne Finance paused all markets on the Optimism network in response to the breach on X (formerly Twitter). This quick action aimed to prevent further losses. Sonne Finance then partnered with Cyvers to investigate the incident.
All markets on Optimism have been paused.
— Sonne Finance (@SonneFinance) May 15, 2024
Markets on Base are safe.
We'll provide more information with time.
Sonne Finance is currently exploring all options to retrieve the stolen funds. One approach under consideration is negotiating a bug bounty with the hacker. In such scenarios, the hacker might return most of the stolen funds and keep roughly 10% as a reward for identifying a security flaw.
The team has indicated that, while they cannot recover the stolen funds immediately, the investigation into the hacker’s identity is ongoing.
This is not the first time Sonne Finance has faced security challenges. In February 2023, the protocol lost $1.55 million of TrueFi tokens in an exploit. Such recurring issues highlight the persistent vulnerabilities within DeFi protocols and the need for continuous improvement in security practices.
Disclaimer
Disclaimer: The views expressed in this article do not necessarily represent the views of BSCNews. The information provided in this article is for educational and informational purposes only and should not be construed as investment advice. BSCNews assumes no responsibility for any investment decisions made based on the information provided in this article
Latest News
6h : 17m ago
Weekly Article Recap: 11/18-11/22
November 22, 2024
Gary Gensler’s Departure and Its Impact on Crypto
November 22, 2024
Solana ($SOL) Hits All-Time High of $264: Possible Factors Behind the Surge
November 22, 2024
Trump’s New Crypto Advisory Committee Expected to Create U.S. Bitcoin Reserve: Report
November 21, 2024
Justin Sun Drops $6.2M on Controversial Banana Art, Calls It a "Cultural Phenomenon"
November 21, 2024
Trump’s Team Discusses Potential White House Crypto Role Amid Growing Industry Influence
November 21, 2024
Bitwise Joins Race for Solana ETF Amid Growing Interest in Crypto ETFs
November 20, 2024
Sky Protocol’s Flagship Stablecoin $USDS Expands to Solana