Sonne Finance 網路攻擊：去中心化借貸平台損失 2000 萬美元

5 月 14 日，去中心化借貸協議 Sonne Finance 面臨網路攻擊，導致 2000 萬美元被盜。這次攻擊發生在世界標準時間晚上 10:30 左右，是透過利用平台內的捐贈功能精心策劃的，攻擊者可以操縱匯率並竊取各種代幣。

Sonne Finance Hack: Decentralized Lending Protocol Loses $20 Million, Token Value Plummets

Sonne Finance 駭客攻擊：去中心化借貸協議損失 2000 萬美元，代幣價值暴跌

On May 14th, at approximately 10:30 pm UTC, decentralized lending protocol Sonne Finance fell victim to a brazen cyberattack that resulted in the theft of $20 million worth of cryptocurrency. This catastrophic event has sent shockwaves through the industry and exposed critical vulnerabilities in the burgeoning DeFi sector.

5 月 14 日，世界標準時間晚上 10:30 左右，去中心化借貸協議 Sonne Finance 遭受了一次無恥網路攻擊，導致價值 2000 萬美元的加密貨幣被盜。這一災難性事件給整個行業帶來了衝擊，並暴露了新興 DeFi 領域的嚴重漏洞。

The perpetrators of this malicious plot exploited a flaw in Sonne Finance's "donation" feature, cleverly manipulating the platform's token markets to pilfer a vast array of digital assets. The attack targeted pairs offered by the platform, and the hackers managed to steal multiple tokens before their actions were detected and ultimately halted.

這項惡意陰謀的實施者利用了Sonne Finance「捐贈」功能的缺陷，巧妙地操縱該平台的代幣市場，竊取了大量數位資產。攻擊針對的是平台提供的貨幣對，駭客在其行為被發現並最終停止之前成功竊取了多個代幣。

Sonne Finance, in a move to enhance its platform's functionality, had recently introduced token markets for Velodrome Finance's VELO in response to a community proposal. However, this move inadvertently created an opportunity for the attackers to exploit a two-day timelock embedded within the protocol.

為了增強其平台的功能，Sonne Finance 最近為 Velodrome Finance 的 VELO 引入了代幣市​​場，以回應社區提案。然而，這一舉動無意中為攻擊者創造了利用協議中嵌入的兩天時間鎖的機會。

Timelock contracts are smart contracts designed to execute transactions at a predetermined time. In the case of Sonne Finance, this timelock was set to two days after it was initiated. The attacker, with cunning and malicious intent, donated substantial amounts of crypto assets to manipulate the exchange rate between two tokens. This deceptive tactic tricked the platform into believing there was sufficient collateral, a fabricated illusion.

時間鎖合約是旨在預定時間執行交易的智慧合約。就 Sonne Finance 而言，該時間鎖定已設定為啟動後兩天。攻擊者懷著狡猾和惡意的意圖，捐贈了大量的加密資產來操縱兩種代幣之間的匯率。這種欺騙手段讓平台相信有足夠的抵押品，這是一種捏造的錯覺。

The attack was first detected by Cyvers, a renowned Web 3.0 security firm, approximately 25 minutes after its commencement. However, the exploit had already taken its toll on the Optimism blockchain version of the Sonne Finance platform, while the Base version remained unscathed.

這次攻擊是由著名的 Web 3.0 安全公司 Cyvers 在攻擊開始大約 25 分鐘後首先發現的。然而，該漏洞已經對 Sonne Finance 平台的 Optimism 區塊鏈版本造成了影響，而 Base 版本則毫髮無傷。

The stolen cryptocurrency included Sonne Finance's USD Coin (USDC), Wrapped Ether (WETH) contracts, Velo (VELO), soVELO, and Wrapped USDC (USDC.e). The perpetrator swiftly converted $8 million worth of these digital currencies into Bitcoin (BTC) and Ethereum (ETH), transferring them to a newly created wallet address, leaving behind a trail of malicious activity.

被盜的加密貨幣包括 Sonne Finance 的美元硬幣 (USDC)、Wrapped Ether (WETH) 合約、Velo (VELO)、soVELO 和 Wrapped USDC (USDC.e)。犯罪者迅速將價值 800 萬美元的這些數位貨幣轉換為比特幣 (BTC) 和以太坊 (ETH)，並將其轉移到新創建的錢包地址，留下了惡意活動的痕跡。

Sonne Finance, determined to recover its stolen assets, announced the suspension of all markets on the Optimism blockchain. The protocol has partnered with Cyvers to conduct a thorough investigation into the incident. Additionally, Sonne Finance has informed users that they are actively pursuing the recovery of the siphoned cryptocurrencies.

Sonne Finance 決心追回被盜資產，宣布暫停 Optimism 區塊鏈上的所有市場。該協議已與 Cyvers 合作，對此事件進行徹底調查。此外，Sonne Finance 已通知用戶，他們正在積極追回被吸走的加密貨幣。

In an attempt to entice the hacker to collaborate in identifying the vulnerability exploited, Sonne Finance has offered a 10% bug bounty, allowing the perpetrator to retain a portion of the stolen funds. However, the hacker's decision to transfer a significant amount of digital assets to a new wallet suggests a reluctance to engage in negotiations.

為了誘使駭客合作識別所利用的漏洞，Sonne Finance 提供了 10% 的漏洞賞金，讓犯罪者保留部分被盜資金。然而，駭客決定將大量數位資產轉移到新錢包，這表明駭客不願進行談判。

This brazen attack on Sonne Finance highlights the ongoing challenges and vulnerabilities faced by the DeFi sector. It underscores the critical need for enhanced security measures and robust protocols to safeguard user funds and protect the integrity of decentralized finance.

這次對 Sonne Finance 的無恥攻擊凸顯了 DeFi 領域持續面臨的挑戰和漏洞。它強調了加強安全措施和強大協議的迫切需要，以保護用戶資金並保護去中心化金融的完整性。

The incident serves as a wake-up call for the entire crypto community, emphasizing the paramount importance of vigilance, due diligence, and constant innovation to stay ahead of malicious actors. As the DeFi landscape continues to evolve, it is imperative that protocols, exchanges, and users alike remain vigilant to combat cyber threats and ensure the integrity of the burgeoning digital asset ecosystem.

該事件為整個加密貨幣社群敲響了警鐘，強調了保持警惕、盡職調查和不斷創新以領先惡意行為者的至關重要性。隨著 DeFi 格局的不斷發展，協議、交易所和用戶都必須保持警惕，以應對網路威脅並確保新興數位資產生態系統的完整性。