In a recent turn of events, lending protocol Sonne Finance has been forced to cease operations following a devastating hack that resulted in the loss of $20 million in cryptocurrencies, specifically WETH and USDC. This incident unfolded on May 14, with the attack initially targeting Sonne Finance’s USD and Wrapped Ether (WETH) contracts. At the onset of the breach, only $3 in cryptocurrency had been siphoned off, but the situation quickly escalated, culminating in the loss of $20 million in WETH, Velo (VELO), soVELO, and Wrapped USDC (USDC.e).

It is worth noting that Sonne Finance was unaware of the breach until 25 minutes after the attack had commenced. In a proactive response, the protocol promptly halted all markets on the Optimism chain and reassured users that the Base markets remained secure. Furthermore, Sonne Finance joined forces with cybersecurity firm Cyvers to delve deeper into the breach and assess the extent of the damage.

As further details emerged, Sonne Finance released a press statement shedding light on the exploit. The breach was executed through a known donation attack on Compound v2 forks, circumventing existing security measures. The hacker took advantage of a lapse in the timelock on a multi-sig wallet, enabling them to manipulate the markets and extract $20 million from the protocol. Despite efforts to salvage $6.5 million through strategic interventions, a substantial sum of $7.8 million was swiftly siphoned off to a separate wallet address by the exploiter.

At present, Sonne Finance is actively pursuing avenues to recover the stolen funds and has even expressed willingness to offer a bug bounty to the exploiter in exchange for the return of the funds. However, indications suggest that the hacker may seek to launder the stolen assets through privacy protocols like Tornado Cash, complicating the recovery process.

Tornado Cash, a cryptocurrency tumbler renowned for obfuscating transaction trails, has garnered widespread notoriety for aiding in the laundering of illicitly obtained assets. Hackers often exploit such mixing services to obscure the origins of stolen funds, posing challenges for law enforcement agencies and regulatory bodies in tracking and retrieving illicit assets.

While the utilization of privacy tools like Tornado Cash remains contentious within the cryptocurrency community, recent incidents involving the laundering of large sums of stolen cryptocurrency have sparked regulatory scrutiny and calls for stricter oversight. As the industry grapples with evolving threats of cybercrime and fraud, educating users on safeguarding themselves against such risks is paramount to ensuring the security and integrity of the crypto ecosystem.

Source link