Sonne 金融遭駭客攻擊：2,000 萬美元損失引發 60% SONNE 代幣崩潰

針對去中心化借貸協議 Sonne Finance 的 2,000 萬美元漏洞導致其原生代幣 SONNE 的價值下跌 60%。此次洩漏涉及利用Compound V2 分叉的捐贈攻擊，從 Sonne 的 USDC 和 WETH 合約中抽走了資金。這起事件凸顯了人們對Compound V2 分叉安全性的擔憂，並引發了人們的疑問：這是否是一個有預謀的漏洞。 Sonne Finance正在積極追回資金，並已與駭客聯繫進行談判。

Sonne Finance's Catastrophic Hack: $20 Million Meltdown Triggers 60% SONNE Token Plunge

Sonne Finance 遭遇災難性駭客攻擊：2000 萬美元崩盤引發 SONNE 代幣暴跌 60%

A devastating exploit has rocked the foundations of Sonne Finance, a renowned decentralized lending platform, siphoning approximately $20 million from its coffers. The repercussions of this cataclysmic event have sent shockwaves through the cryptocurrency industry, resulting in a staggering 60% plummet in the value of Sonne Finance's native token, SONNE.

一次毀滅性的攻擊動搖了著名的去中心化借貸平台 Sonne Finance 的根基，從其金庫中挪走了大約 2000 萬美元。這起災難性事件的影響給加密貨幣產業帶來了衝擊，導致 Sonne Finance 的原生代幣 SONNE 的價值暴跌 60%。

Initial Breach Detection and Announcement

初始違規檢測和公告

The nefarious activity was first detected at approximately 10:00 PM UTC on May 14th, 2024, by Cyvers Alerts, a leading Web3 security firm. Initial investigations revealed that the hacker had already pilfered $3 million from Sonne Finance's USDC and WETH contracts.

領先的 Web3 安全公司 Cyvers Alerts 於 2024 年 5 月 14 日世界標準時間晚上 10 點左右首次偵測到這項惡意活動。初步調查顯示，駭客已經從 Sonne Finance 的 USDC 和 WETH 合約中竊取了 300 萬美元。

"ALERT! We have detected an attack on @SonneFinance, $3 million have been stolen from their USDC and WETH contracts. Please contact us for more information." - Cyvers Alerts (@CyversAlerts) May 14, 2024

“警報！我們檢測到 @SonneFinance 遭到攻擊，他們的 USDC 和 WETH 合約中的 300 萬美元被盜。請聯繫我們以了解更多信息。” - Cyvers 警報 (@CyversAlerts) 2024 年 5 月 14 日

Sonne Finance Confirms Breach and Suspends Operations

Sonne Finance 確認違規並暫停運營

Barely 25 minutes after Cyvers Alerts' initial alert, Sonne Finance corroborated the suspicions, confirming the hack and suspending its operations on the Optimism platform. However, the company reassured users that markets on its Base platform remained secure and promised to provide further updates.

在 Cyvers Alerts 首次發出警報後不到 25 分鐘，Sonne Finance 證實了這一懷疑，確認了駭客攻擊，並暫停了 Optimism 平台上的運作。然而，該公司向用戶保證其 Base 平台上的市場仍然安全，並承諾提供進一步的更新。

"All markets on Optimism have been paused. Markets on Base are safe. We'll provide more information with time." - Sonne Finance (@SonneFinance) May 15, 2024

“所有 Optimism 市場都已暫停。Base 市場是安全的。我們將及時提供更多資訊。” - Sonne Finance (@SonneFinance) 2024 年 5 月 15 日

Post-Mortem Investigation Unravels Details of Exploit

屍檢調查揭示了漏洞利用的細節

In a post-mortem report released the following morning, Sonne Finance painstakingly outlined the modus operandi of the breach. The investigation unearthed a highly sophisticated donation attack executed on Sonne's Compound V2 forks, which laid the groundwork for the exploit.

在第二天早上發布的事後報告中，Sonne Finance 煞費苦心地概述了這次洩漏的作案手法。調查發現了對 Sonne 的Compound V2 叉子執行的高度複雜的捐贈攻擊，這為該漏洞利用奠定了基礎。

Exploit Details and Perpetrator's Manipulation

利用細節和犯罪者的操縱

According to Sonne Finance's meticulous probe, the exploit was meticulously orchestrated following the passage of a protocol to add VELO markets to Sonne. The perpetrator, exploiting the two-day timelock contract, initiated a series of strategic donations designed to manipulate the system's algorithm.

根據 Sonne Finance 的細緻調查，該漏洞是在向 Sonne 添加 VELO 市場的協議通過後精心策劃的。犯罪者利用兩天的時間鎖合約發起了一系列旨在操縱系統演算法的策略性捐贈。

These calculated actions allowed the attacker to pilfer over a million units of Velo, Ether, and USDC, which were subsequently converted into Bitcoin (BTC) and Ether (ETH) and transferred to a newly created wallet address.

這些經過計算的操作使攻擊者能夠竊取超過 100 萬單位的 Velo、以太幣和 USDC，這些貨幣隨後被轉換為比特幣 (BTC) 和以太幣 (ETH) 並轉移到新創建的錢包地址。

"The @SonneFinance team deployed the $VelodromeV2 market contract 4 days ago... Then, two days ago, they scheduled an operation to add $VelodromeV2 to the market... Here's the problem: It's been over a year since the First Deposit... bug." - PoorBabyCorn (@GiantBabyCorn) May 15, 2024

「@SonneFinance 團隊在 4 天前部署了 $VelodromeV2 市場合約...然後，兩天前，他們安排了一項操作，將 $VelodromeV2 添加到市場...問題是：距離首次存款已經一年多了... 漏洞。 -PoorBabyCorn (@GiantBabyCorn) 2024 年 5 月 15 日

Independent Developer Questions Premeditation

獨立開發者質疑預謀

An independent developer working on the X platform raised alarming concerns that the same bug had been plaguing users for over a year. This prompted the developer to question whether Sonne Finance's decision to proceed with the Compound V2 fork was a deliberate attempt to create a "premeditated backdoor."

一位在 X 平台上工作的獨立開發人員提出了令人擔憂的擔憂，因為同樣的錯誤已經困擾用戶一年多了。這促使開發者質疑 Sonne Finance 繼續進行Compound V2分叉的決定是否是故意嘗試創建「有預謀的後門」。

Recovery Efforts and Negotiations with Hacker

恢復工作以及與駭客的談判

Sonne Finance has reportedly exhausted all available avenues to reclaim the stolen funds, including reaching out to Cyvers Alerts for assistance. Furthermore, the company initiated negotiations with the perpetrator, offering a 10% bug bounty in exchange for the return of the remaining funds. However, the hacker has thus far remained unmoved by the offer.

據報道，Sonne Finance 已用盡所有可用途徑來追回被盜資金，包括向 Cyvers Alerts 尋求幫助。此外，該公司還與肇事者展開談判，提供 10% 的漏洞賞金，以換取剩餘資金的回饋。然而，到目前為止，駭客仍然對這項提議不為所動。

SONNE Token Tanks Amidst Market Panic

SONNE 代幣在市場恐慌中下跌

The catastrophic exploit on Sonne Finance triggered a wave of panic selling that sent the value of its native SONNE token plummeting by a staggering 60% in just 24 hours. As of 11:00 AM UTC on May 15th, 2024, SONNE had plunged from $0.06491 to a mere $0.02377.

Sonne Finance 的災難性漏洞引發了一波恐慌性拋售，導致其原生 SONNE 代幣的價值在短短 24 小時內暴跌 60%。截至 2024 年 5 月 15 日上午 11:00（世界標準時間），SONNE 已從 0.06491 美元暴跌至僅 0.02377 美元。

"SONNEN Token as of 11:00 AM UTC on May 15, 2024." (Source: CoinMarketCap)

“SONNEN 代幣截至 2024 年 5 月 15 日上午 11:00 UTC。” （來源：CoinMarketCap）

Concurrent with the token's precipitous decline, its trading volume surged by an astonishing 293%, with over $484,800 worth of SONNE being exchanged between addresses. Sonne Finance's token has a finite supply of 100 million units, with approximately 79.93 million currently in circulation, resulting in an estimated market capitalization of approximately $2 million.

在該代幣急劇下跌的同時，其交易量驚人地飆升了 293%，地址之間交換的 SONNE 價值超過 484,800 美元。 Sonne Finance 的代幣供應有限，為 1 億個，目前流通中的代幣約為 7,993 萬個，預計市值約 200 萬美元。

Conclusion

結論

The $20 million exploit on Sonne Finance serves as a stark reminder of the vulnerabilities that continue to plague the decentralized finance (DeFi) sector. The incident has raised questions about the platform's security protocols and the potential for premeditated attacks. Sonne Finance's efforts to recover the stolen funds and stabilize the value of its native token remain ongoing, but the full repercussions of this catastrophic event are yet to be fully realized. As the DeFi ecosystem matures, it is imperative that platforms prioritize robust security measures to safeguard user assets and maintain investor confidence.

Sonne Finance 價值 2000 萬美元的漏洞清楚地提醒人們，繼續困擾去中心化金融（DeFi）領域的漏洞。這起事件引發了對該平台安全協定和預謀攻擊可能性的質疑。 Sonne Finance 仍在繼續努力追回被盜資金並穩定其原生代幣的價值，但這一災難性事件的全面影響尚未完全實現。隨著 DeFi 生態的成熟，平台必須優先考慮強有力的安全措施，以保護用戶資產並維護投資者信心。