$20M exploit cripples Sonne Finance, hacker in no mood for negotiation

Sonne Finance halted operations after a hack drained $20 million in cryptocurrencies, including WETH and USDC. Efforts to recover the funds are ongoing.

Lending protocol Sonne Finance was forced to pause operations after suffering a hack that drained $20 million worth of cryptocurrencies from the market.

On May 14, around 10:30 pm UTC, Web3 security firm Cyvers detected an ongoing attack on Sonne Finances USD Coin (USDC) and Wrapped Ether (WETH) contracts.

However, when Sonne Finance became aware of the situation 25 minutes later, the hacker had already stolen $20 million in WETH, Velo (VELO), soVELO and Wrapped USDC (USDC.e).

Source: Sonne Finance

On May 15 at 12:11 am UTC, Sonne Finance announced on X that “All markets on Optimism have been paused.” Soon after, the protocol partnered with Cyvers to investigate the situation further.

Sonne is currently exploring all options to retrieve the stolen funds, including negotiating a bug bounty for the hacker. In such situations, the hacker returns most of the stolen funds and keeps roughly 10% of the loot as a reward for finding a security flaw.

However, the hacker seems to be in no mood for negotiations. According to blockchain investigator PeckShield, the exploiter has already moved a large chunk of the loot ($7.8 million) to a new wallet address.

Source: PeckShield

The exploiter then swapped 59 WBTC for roughly 1,185 Ether (ETH) and 183,000 Dai (DAI). The move suggests an intent to siphon the stolen funds through a privacy protocol like Tornado Cash to deter traceability.

Sonne Finance‘s post-mortem found that a donation attack was conducted on Sonne’s Compound v2 forks, which had a known bug, according to X community member PoorBabyCorn.

They accused Sonne Finance of using Compound v2 despite knowing the risks and asked, “If this isnt a premeditated backdoor, what is？”

In parallel, the main hedge fund of crypto institutional investment firm BlockTower Capital has reportedly been exploited and partially drained.

The funds have not been recovered, and BlockTower has employed blockchain forensic analysts to trace the funds and determine how they were breached. The exploiter has also not been arrested, Bloomberg reported on May 15, citing people familiar with the matter.

Its partners have been informed about the incident. It reportedly has $1.7 billion in assets under management.

BlockTower did not immediately respond to Cointelegraphs request for comment.

In February 2023, BlockTower seemingly lost around $1.5 million in the $2 million exploit of the multichain exchange aggregator Dexible.

Dexible said that around 85% of the stolen funds were from a “few big whales.” On-chain intelligence platform Arkham Intelligence labeled a wallet drained of $1.5 million as belonging to BlockTower.