BTC PULSE
No Result
View All Result
Play Now
No Result
View All Result
BTC PULSE
No Result
View All Result
Play Now
Home Blockchain

Sonne Finance Suffers $20M Exploit, Hacker Flees

by Dan K
May 15, 2024 - 7:26 pm
in Blockchain
Sonne Finance logo with a hacker background

Lending protocol Sonne Finance halted operations after a hack drained $20 million in cryptocurrencies, including WETH and USDC.

The Attack Timeline

On May 14, around 10:30 pm UTC, Web3 security firm Cyvers detected an ongoing attack on Sonne Finance’s USD and Wrapped Ether (WETH) contracts. Initially, the attacker had only stolen $3 in cryptocurrency. However, Sonne Finance only became aware of the issue 25 minutes later. By that time, $20 million worth of WETH, Velo (VELO), soVELO, and Wrapped USDC (USDC.e) had already been drained.

https://twitter.com/CyversAlerts/status/1790509607074349448

Initial Response

On May 15 at 12:11 a.m. UTC, Sonne Finance made a vague announcement on X, stating, “All markets on Optimism have been paused” and that “Markets on Base are safe.” They assured users that more information would be provided “with time.” Soon after, the protocol partnered with Cyvers to investigate the situation further.

All markets on Optimism have been paused.

Markets on Base are safe.

We'll provide more information with time.

— Sonne Finance (@SonneFinance) May 15, 2024

How Sonne Finance Was Exploited

Three hours after their initial announcement, Sonne explained the situation further in a press release. The Optimism chain of Sonne Finance was exploited through a known donation attack on Compound v2 forks. Previously, measures were in place to combat the issue with 0% collateral factors, adding collateral, and burning them, before gradually increasing the collateral factors based on proposals.

However, a recent proposal was approved to integrate VELO markets into Sonne. Transactions were scheduled on a multi-sig wallet with a 2-day timelock. The exploit occurred as the timelock ended, allowing the hacker to execute transactions for market creation and adding collateral factors. After executing the markets undetected, the attacker was able to exploit the protocol for $20 million. However, the remaining $6.5M was saved by adding $100 worth of VELO to the markets.

The Aftermath and Recovery Efforts

Sonne Finance is working to recover the stolen funds, considering a bug bounty for their return. Usually, a 10% reward would be given to an exploiter for discovering a security flaw. However, it seems unlikely the hacker will comply. According to blockchain investigator PeckShield, the exploiter has already moved $7.8 million to a new wallet address. The exploiter then swapped 59 WBTC for roughly 1,185 Ether and 183,000 Dai, suggesting an intent to launder the stolen funds through a privacy protocol like Tornado Cash.

#PeckShieldAlert @SonneFinance exploiter-labeled address has transferred $7.8M worth of cryptos, including 100 $WBTC & 556.1 $ETH, to a new address 0x6277…4c07 #Optimism pic.twitter.com/g4oiP5akr4

— PeckShieldAlert (@PeckShieldAlert) May 15, 2024

Tornado Cash in Crypto Crime

Tornado Cash is an open-source cryptocurrency tumbler, also known as a “crypto mixer.” This tool obscures the path of crypto transactions, making it extremely difficult to determine the original source of the funds. Although created as a privacy tool, hackers often use these mixing services to launder stolen funds via decentralized exchange platforms.

Crypto mixers have seen significant adoption in recent years. In October 2023, over $77 million in assets were processed through Tornado Cash contracts. However, the majority of this adoption has been with illicit assets. Over the years, hackers have chosen crypto-mixing services over centralized exchanges as once they are identified, addresses are blocked by exchanges. Tornado Cash bypasses this, as a way to legitimize their source of funds by removing connections to a hacked wallet or illicit crypto activity.

Recently, the United Nations sanctions monitors noted that North Korea was involved in laundering $147.5 million in stolen cryptocurrency using Tornado Cash. Almost all the top multi-million dollar crypto hacks have utilized Tornado Cash to launder the proceeds, as per an Arkham Intelligence report. This prompted the US Treasury to impose sanctions on Tornado Cash in August 2022. As a result, its founders were charged with money laundering and sanctions violations a year later.

While opinions within the crypto community vary regarding the adoption of privacy tools, there is a consensus against the persecution of developers solely for creating an application. Although crypto-related frauds and scams are on the decline, it is important that users are educated on how to protect themselves from crypto crime.

Tags: BlockchainCryptocurrencyHack
Dan K

Dan K

Dan K, the chief editor, is a visionary wordsmith, shaping narratives with finesse. His discerning eye for detail creates literary masterpieces.

Related Posts

Exterior view of the Czech National Bank building in Prague, symbolizing the institution’s financial strategies and innovation.

Bank of England Governor Says Stablecoins Could Reduce Reliance on Banks

October 1, 2025

Andrew Bailey says stablecoins could reduce UK reliance on commercial banks by separating money from credit, signaling a...

blockchain

Spacecoin Executes First Blockchain Transaction Through Space

October 1, 2025

Spacecoin has achieved the first-ever blockchain transaction through space using a nanosatellite, marking a milestone for decentralization and...

The headquarters of the Autorité des Marchés Financiers (AMF) Investor in Paris, France, the regulatory body warning investors against ByBit.

French Officials Pressured Telegram to Censor Moldova Election Posts: Durov

September 28, 2025

Pavel Durov revealed French intelligence pressured Telegram to censor Moldova election content in 2024, which he refused, citing...

Wall Street financial district with Bitcoin symbol representing institutional adoption

Bitcoin skepticism fades as nations gear up for adoption, says Samson Mow

September 28, 2025

Samson Mow predicts nation-states will move from skepticism to rapid Bitcoin adoption, fueling global FOMO and a rush...

View All
BTC-Pulse LogoTransparent

© 2024 BTC-PULSE. Disclaimer: The content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice.

Info

  • Learn
  • Price Prediction
  • Events
  • Press Releases
  • Sitemap

Company

  • About Us
  • Terms of Service
  • Privacy Policy
  • Contact Us
  • Advertise

News

  • Altcoins
  • Bitcoin
  • Ethereum
  • NFT
  • Regulation
  • WEB 3.0

©2024 BTC-PULSE – All right Reserved.

No Result
View All Result
  • About Us
  • Advertise
  • BTC-PULSE
  • Contact Us
  • Events
  • Privacy Policy
  • Sitemap
  • Terms of Service