Skip to content

Major lending protocol hit by $20M hack; Bitcoin DeFi tool loses $4.3M

Major lending protocol hit by $20M hack; Bitcoin DeFi tool loses $4.3M

In a series of alarming incidents, two prominent decentralized finance (DeFi) platforms, Sonne Finance, and ALEX Lab, have been targeted by sophisticated hacks, resulting in a combined loss of $24.3 million in cryptocurrencies.

Sonne Finance halted operations after a $20 million exploit, while ALEX Lab lost $4.3 million due to a suspected private key compromise. Both platforms are now in a race to recover their stolen assets and prevent future breaches.

Sonne Finance: $20 million heist

Lending protocol Sonne Finance was forced to pause operations after suffering a hack that drained $20 million worth of cryptocurrencies from the market. 

The attack, which targeted Sonne Finance’s USD Coin (USDC) and Wrapped Ether (WETH) contracts, was detected on May 14 by Web3 security firm Cyvers.

Sonne Finance announced the suspension of all markets on the Optimism (OP) blockchain to mitigate further damage. Partnering with Cyvers, the protocol is actively investigating the breach and exploring options to recover the stolen funds, including negotiating a bug bounty with the hacker. ‘

However, blockchain investigator PeckShield reported that the hacker has already moved a substantial portion of the loot ($7.8 million) to a new wallet address.

The hacker then swapped 59 Wrapped BTC (WBTC) for roughly 1,185 Ether (ETH) and 183,000 Dai (DAI), indicating an intent to use a privacy protocol like Tornado Cash to obscure the transaction trail.

Details of the exploit

According to the incident analysis by Certik ,the attack exploited a known bug in Sonne’s Compound v2 forks via a donation attack, manipulating the platform’s exchange rates by donating large amounts of cryptocurrency. 

This manipulation tricked the system into overestimating its collateral, allowing the hacker to siphon off millions. Blockexplorer data showed the attacker transferred millions of VELO, ETH , USDC following the manipulation, later converting these to $8 million in Bitcoin and Ether.

The SONNE token has since plummeted by 60%, drastically reducing its market cap to $20 million, even though developers managed to prevent an additional $6.5 million from being siphoned off once the attack was identified.

ALEX Lab: $4.3 million compromise

Simultaneously, ALEX Lab, a Bitcoin DeFi tool, was drained of over $4.3 million in various tokens due to a suspected private key compromise. Security researchers from CertiK revealed that the attackers likely obtained a private key controlling ALEX’s XLink bridge, a service facilitating token transfers between different blockchains.

The breach resulted in the loss of over $300,000 worth of Bitcoin, $3.3 million in stablecoins, and $75,000 in Sugar Kingdom (SKO) tokens.

ALEX developers confirmed the hack and claimed they knew the attacker’s identity, offering a 10% bounty for the return of 90% of the stolen funds. Major exchanges have since frozen funds associated with the hacker to prevent further misuse.

The recent hacks on Sonne Finance and ALEX Lab highlight the persistent security challenges facing DeFi platforms.

As these platforms work to recover stolen assets and enhance their security frameworks, the incidents serve as a stark reminder of the vulnerabilities inherent in the rapidly evolving DeFi landscape.

Best Crypto Exchange for Intermediate Traders and Investors

  • Invest in cryptocurrencies and 3,000+ other assets including stocks and precious metals.

  • 0% commission on stocks - buy in bulk or just a fraction from as little as $10. Other fees apply. For more information, visit etoro.com/trading/fees.

  • Copy top-performing traders in real time, automatically.

  • eToro USA is registered with FINRA for securities trading.

30+ million Users
Securities trading offered by eToro USA Securities, Inc. (“the BD”), member of FINRA and SIPC. Cryptocurrency offered by eToro USA LLC (“the MSB”) (NMLS: 1769299) and is not FDIC or SIPC insured. Investing involves risk, and content is provided for educational purposes only, does not imply a recommendation, and is not a guarantee of future performance. Finbold.com is not an affiliate and may be compensated if you access certain products or services offered by the MSB and/or the BD

Read Next:

Finance Digest

By subscribing you agree with Finbold T&C’s & Privacy Policy

Related posts

Sign Up

or

By submitting my information, I agree to the Privacy Policy and Terms of Service.

Already have an account? Sign In

Services

IMPORTANT NOTICE

Finbold is a news and information website. This Site may contain sponsored content, advertisements, and third-party materials, for which Finbold expressly disclaims any liability.

RISK WARNING: Cryptocurrencies are high-risk investments and you should not expect to be protected if something goes wrong. Don’t invest unless you’re prepared to lose all the money you invest. (Click here to learn more about cryptocurrency risks.)

By accessing this Site, you acknowledge that you understand these risks and that Finbold bears no responsibility for any losses, damages, or consequences resulting from your use of the Site or reliance on its content. Click here to learn more.