$20M exploit cripples Sonne Finance, hacker in no mood for negotiation

As a seasoned crypto investor with several years of experience in this space, I’m deeply concerned about the recent hack on Sonne Finance and the reported exploit of BlockTower Capital’s main hedge fund. These incidents serve as stark reminders that the crypto market is still riddled with risks, and investors must remain vigilant at all times.


Sonne Finance, a lending protocol in the cryptocurrency market, had to halt its activities following a cyberattack that stole approximately $20 million in digital currencies.

As a researcher investigating cybersecurity incidents, I came across a noteworthy event on May 14, at approximately 10:30 pm UTC. Cyvers, a leading Web3 security firm, reported an ongoing attack on Sonne Finance’s USD Coin (USDC) and Wrapped Ether (WETH) contracts.

Yet, within 25 minutes of Sonne Finance discovering the issue, the hacker had successfully pilfered $20 million in WETH, VELO, soVELO, and Wrapped USDC (USDC.e) from their system.

At 12:11 am UTC on May 15, Sonne Finance made an announcement via X that all markets on the Optimism platform had been halted. Following this development, Sonne Finance collaborated with Cyvers to delve deeper into the matter.

As an analyst, I’m currently working on a solution to recover the stolen funds. One possible approach is engaging in negotiations with the hacker, proposing a bug bounty program under which they would return most of the funds and receive a percentage, around 10%, as remuneration for discovering the security flaw.

The hacker appears unwilling to engage in discussions, as reported by blockchain analyst PeckShield. Already, the exploiter has transferred a significant portion of the stolen funds ($7.8 million) to a fresh wallet address.

The exploiter then exchanged approximately 59 WBTC for around 1,185 Ether and 183,000 DAI. This transaction may indicate an attempt to conceal the origin of the ill-gotten funds by routing them through a privacy platform such as Tornado Cash.

An examination conducted by Sonne Finance revealed that malicious actors exploited a vulnerability in Sonne’s Compound v2 fork through a donation attack. This issue was previously identified and reported within the X community by a member named PoorBabyCorn.

Despite being aware of the risks, Sonne Finance was allegedly found using Compound v2. The question then arose, “Is this an intentional loophole instead?”

At the same time, reports suggest that the primary hedge fund of BlockTower Capital, a leading institutional investor in crypto, has allegedly been exploited and substantially depleted.

I’ve analyzed the situation, and it appears that the recovered funds have yet to materialize. To shed light on this issue, BlockTower has enlisted the help of blockchain forensic analysts. Their mission is twofold: firstly, to locate the missing funds using their advanced analytical skills; secondly, to uncover how the breach occurred. Regrettably, as of May 15, according to Bloomberg’s sources, the exploiter remains at large.

As a crypto investor, I’ve recently learned that the team behind this project has shared some news with their partners. According to reports, they manage a significant amount of assets totaling approximately $1.7 billion.

BlockTower did not immediately respond to CryptoMoon’s request for comment.

Last February, it appears that BlockTower suffered a loss of approximately $1.5 million due to a $2 million hack on the multichain exchange aggregator, Dexible.

According to Dexible’s statement, approximately 85% of the stolen funds originated from a handful of large investors. As identified by the on-chain analysis firm Arkham Intelligence, a wallet that held $1.5 million prior to being drained is associated with BlockTower.


2024-05-15 10:50