At least two DeFi projects were targeted by significant exploits in the early hours of today, resulting in millions of dollars in losses.
Sonne Finance exploited
Decentralized liquidity provider Sonne Finance fell victim to a $20 million exploit on its Optimism network-based USDC and Wrapped Ethereum (WETH) contracts, according to blockchain security firm Cyvers.
In a May 15 statement, the DeFi protocol confirmed the incident and attributed the exploit to a donation attack on its Compound v2 forks. It stated:
“We avoided the issue in the past, by adding the markets with 0% collateral factors, adding collateral and burn them, only then increase the c-factors according to the proposals.”
However, an integration attempt of VELO into the Optimism market allowed the attacker to exploit the protocol unnoticed, resulting in the loss.
Meanwhile, security experts prevented an additional $6.5 million theft by injecting $100 VELO as collateral into the soVELO pool.
Sonne Finance has expressed readiness to offer a bounty to the attacker as efforts to recover the funds continue.
Following the theft, the price of SONNE, a digital asset connected to the project, fell by more than 60% to $0.02617 as of press time.
Bitcoin DeFi project lose over $4 million
ALEX Lab, a Bitcoin DeFi application, lost over $4 million in various tokens to a hacking incident earlier today.
Blockchain security firm CertiK reported that the attackers likely gained access to the private key controlling ALEX’s XLink bridge. This service enables users to transfer tokens across different blockchains.
The hacker successfully moved approximately $300,000 worth of BTC, $3.3 million in stablecoins, and $75,000 of Sugar Kingdom tokens.
ALEX Lab developers confirmed the hack and asserted that they had identified the attacker. The team also stated:
“A significant amount of the funds associated with the hacker has been frozen by major exchanges, preventing further misuse.”
Nevertheless, the project offered a 10% bounty to the hacker, adding that:
“ALEX assures that upon compliance, there will be no further pursuit or law enforcement involvement. This offer stands until 18 May at 0800 UTC. The individual responsible should contact [email protected].”
Mentioned in this article
TRON DAO at Cornell Blockchain Conference
Anchorage Digital Adds Support for Native DYDX Staking
CROSS THE AGES Raises $3.5M in Equity Round Led by Animoca Brands, and Lists on Major Exchanges
Lingo Launches Biggest SocialFi Campaign Yet with Multi-Million Token Reward Pool
More Stories
FILLiquid Launches FIG Staking to Introduce Revenue Sharing for Its FIL Borrowing Platform
Crypto whale loses $36M in major phishing scam causing DETH depeg
BitMEX launches Automated Trading Bots for Effortless Crypto Trades