Sonne Finance hit with $20M cyber attack, hacker escapes

In a recent turn of events, lending protocol Sonne Finance has been forced to cease operations following a devastating hack that resulted in the loss of $20 million in cryptocurrencies, specifically WETH and USDC. This incident unfolded on May 14, with the attack initially targeting Sonne Finance’s USD and Wrapped Ether (WETH) contracts. At the onset of the breach, only $3 in cryptocurrency had been siphoned off, but the situation quickly escalated, culminating in the loss of $20 million in WETH, Velo (VELO), soVELO, and Wrapped USDC (USDC.e).

It is worth noting that Sonne Finance was unaware of the breach until 25 minutes after the attack had commenced. In a proactive response, the protocol promptly halted all markets on the Optimism chain and reassured users that the Base markets remained secure. Furthermore, Sonne Finance joined forces with cybersecurity firm Cyvers to delve deeper into the breach and assess the extent of the damage.

As further details emerged, Sonne Finance released a press statement shedding light on the exploit. The breach was executed through a known donation attack on Compound v2 forks, circumventing existing security measures. The hacker took advantage of a lapse in the timelock on a multi-sig wallet, enabling them to manipulate the markets and extract $20 million from the protocol. Despite efforts to salvage $6.5 million through strategic interventions, a substantial sum of $7.8 million was swiftly siphoned off to a separate wallet address by the exploiter.

At present, Sonne Finance is actively pursuing avenues to recover the stolen funds and has even expressed willingness to offer a bug bounty to the exploiter in exchange for the return of the funds. However, indications suggest that the hacker may seek to launder the stolen assets through privacy protocols like Tornado Cash, complicating the recovery process.

Tornado Cash, a cryptocurrency tumbler renowned for obfuscating transaction trails, has garnered widespread notoriety for aiding in the laundering of illicitly obtained assets. Hackers often exploit such mixing services to obscure the origins of stolen funds, posing challenges for law enforcement agencies and regulatory bodies in tracking and retrieving illicit assets.

While the utilization of privacy tools like Tornado Cash remains contentious within the cryptocurrency community, recent incidents involving the laundering of large sums of stolen cryptocurrency have sparked regulatory scrutiny and calls for stricter oversight. As the industry grapples with evolving threats of cybercrime and fraud, educating users on safeguarding themselves against such risks is paramount to ensuring the security and integrity of the crypto ecosystem.
