Sonne Finance, a cryptocurrency company, has been forced to cease its operations due to a hacking attack that resulted in the theft of $20 million worth of cryptocurrencies, including WETH and USDC. Efforts are currently underway to recover the stolen funds. On May 14, at approximately 10:30 p.m. UTC, the Web3 security firm Cyvers discovered an ongoing attack on the Sonne Finance contracts for USD Coin (USDC) and Wrapped Ether (WETH).
Unfortunately, by the time Sonne Finance became aware of the situation, 25 minutes had already passed and the hacker had managed to steal $20 million worth of WETH, Velo, soVELO, and Wrapped USDC. Sonne Finance promptly announced on X at 12:11 a.m. UTC on May 15 that all markets on Optimism had been halted. The protocol team then collaborated with Cyvers to conduct a thorough investigation into the matter.
Sonne Finance is currently investigating every possible avenue to recover the stolen funds and is also considering offering a bug bounty to the hacker. In such cases, the hacker typically returns most of the stolen money and keeps a portion as a reward for discovering a security vulnerability.
However, the hacker has shown no willingness to engage in negotiations. According to the blockchain security firm PeckShield, the attacker has already transferred a substantial amount of the stolen funds ($7.8 million) to a new wallet address. The transaction involved the exchange of 59 WBTC for approximately 1,185 Ether and 183,000 Dai. This action demonstrates a clear intention to launder the stolen funds through a privacy protocol like Tornado Cash in order to avoid detection.
Sonne Finance’s post-mortem analysis revealed that the attack on its Compound v2 forks was carried out through a donation attack, exploiting a known bug. This information has been confirmed by a member of the PoorBabyCorn community, who questioned why Sonne Finance implemented Compound v2 despite being aware of the risks, suggesting the possibility of a deliberate backdoor.
Additionally, it has been alleged that the main hedge fund of BlockTower Capital, an institutional investment firm specializing in crypto, has also been breached and partially depleted. The stolen funds have yet to be recovered, and BlockTower has enlisted the help of blockchain forensic analysts to determine the destination of the funds and how the breach occurred.