Sonne Finance, a lending protocol, recently fell victim to a hack that resulted in the loss of $20 million in cryptocurrencies. The attack targeted their USDC and Wrapped Ether (WETH) contracts, with $3 million being stolen initially. Unfortunately, Sonne Finance was only made aware of the breach 25 minutes later, by which time the hacker had already drained $20 million in various tokens. Following the attack, Sonne Finance temporarily halted all markets on Optimism, ensuring that markets on Base remained secure. The protocol has since partnered with Web3 security firm Cyvers to investigate the incident further.
In a subsequent press release, Sonne Finance detailed how the exploit occurred. The hacker took advantage of a known donation attack on Compound v2 forks within the Optimism chain. Despite existing measures to prevent such attacks, including 0% collateral factors and gradual increases based on proposals, a recent proposal integrating VELO markets into Sonne was approved. As a result, transactions were scheduled on a multi-sig wallet with a 2-day timelock, which the hacker exploited when it ended. By creating markets and adding collateral factors undetected, the attacker was able to steal $20 million. Sonne Finance is currently working towards recovering the stolen funds, offering a bug bounty for their return and potentially awarding a 10% reward to the exploiter.
The hacker responsible for the Sonne Finance attack has already moved a significant portion of the stolen funds to another wallet address, indicating an intention to launder the cryptocurrency. By swapping 59 WBTC for 1,185 Ether and 183,000 Dai, the hacker may be attempting to launder the funds through Tornado Cash, a cryptocurrency tumbler that obscures transaction paths. While Tornado Cash was originally intended for privacy purposes, it has increasingly been used by hackers to launder illicit funds through decentralized exchanges. The tool has seen significant adoption, with over $77 million in assets processed through its contracts in October 2023.
However, the use of crypto mixers like Tornado Cash for illicit activities has raised concerns, particularly regarding money laundering and sanctions violations. The United Nations sanctions monitors have noted cases of countries like North Korea using Tornado Cash to launder stolen cryptocurrency. In response to these concerns, the US Treasury imposed sanctions on Tornado Cash in August 2022, leading to charges against its founders for money laundering and sanctions violations. Despite these developments, the crypto community remains divided on the use of privacy tools, emphasizing the importance of educating users on how to protect themselves from crypto crime.
As the investigation into the Sonne Finance hack continues, the protocol is determined to recover the stolen funds and prevent similar attacks in the future. By partnering with cybersecurity experts like Cyvers, Sonne Finance aims to strengthen its security measures and regain user trust. The incident serves as a reminder of the risks associated with decentralized finance and the importance of implementing robust security protocols to safeguard users’ assets. By raising awareness about the prevalence of crypto crime and promoting responsible usage of privacy tools, the industry can work towards creating a safer and more secure environment for all participants.
