Sonne Finance, a lending protocol, was forced to halt operations after a hacker exploited a vulnerability and stole $20 million in cryptocurrencies, including WETH and USDC. The attack was detected by Web3 security firm Cyvers on May 14, around 10:30 PM UTC. Despite efforts to negotiate a bug bounty with the hacker, the exploiter has shown no interest in returning the funds and has already moved a significant portion to a new wallet. Sonne Finance is exploring all options to recover the stolen assets. The incident has raised concerns about the security of DeFi protocols, especially those using known vulnerable contracts like Compound V2 forks. In a related incident, BlockTower Capital's main hedge fund was also exploited, with funds partially drained. The firm is working with blockchain forensic analysts to trace the stolen assets.

USDC

Lending protocol Sonne Finance was forced to pause operations after suffering a hack that drained $20 million worth of cryptocurrencies from the market. On May 14, around 10:30 pm UTC, Web3 security firm Cyvers detected an ongoing attack on Sonne Finance’s USD Coin ( USDC ) and Wrapped Ether (WETH) contracts. However, when Sonne Finance became aware of the situation 25 minutes later, the hacker had already stolen $20 million in WETH, VELO (VELO), soVELO and Wrapped USDC (USDC.e). On May 15 at 12:11 am UTC, Sonne Finance announced on X that “All markets on Optimism have been paused.” Soon after, the protocol partnered with Cyvers to investigate the situation further. Sonne is currently exploring all options to retrieve the stolen funds, including negotiating a bug bounty for the hacker. In such situations, the hacker returns most of the stolen funds and keeps roughly 10% of the loot as a reward for finding a security flaw. However, the hacker seems to be in no mood for negotiations. According to blockchain investigator PeckShield, the exploiter has already moved a large chunk of the loot ($7.8 million) to a new wallet address. The exploiter then swapped 59 WBTC for roughly 1,185 ETH and 183,000 Dai ( DAI ). The move suggests an intent to siphon the stolen funds through a privacy protocol like Tornado Cash to deter traceability. Sonne Finance’s post-mortem found that a donation attack was conducted on Sonne’s Compound v2 forks, which had a known bug, according to X community member PoorBabyCorn. They accused Sonne Finance of using Compound v2 despite knowing the risks and asked, “If this isn’t a premeditated backdoor, what is?” In parallel, the main hedge fund of crypto institutional investment firm BlockTower Capital has reportedly been exploited and partially drained. The funds have not been recovered, and BlockTower has employed blockchain forensic analysts to trace the funds and determine how they were breached. The exploiter has also not been arrested, Bloomberg reported on May 15, citing people familiar with the matter. Related: Stolen Poloniex Ether worth $53M never made it back to the exchange Its partners have been informed about the incident. It reportedly has $1.7 billion in assets under management. BlockTower did not immediately respond to Cointelegraph’s request for comment. In February last year, BlockTower seemingly lost around $1.5 million in the $2 million exploit of the multichain exchange aggregator Dexible. Dexible said that around 85% of the stolen funds were from a “few big whales.” On-chain intelligence platform Arkham Intelligence labeled a wallet drained of $1.5 million as belonging to BlockTower. Magazine: ‘Sic AIs on each other’ to prevent AI apocalypse: David Brin, sci-fi author 

$20M Hack Forces Sonne Finance to Halt Operations, No Negotiations with Hacker