Sonne Finance 网络攻击：去中心化借贷平台损失 2000 万美元

5 月 14 日，去中心化借贷协议 Sonne Finance 面临网络攻击，导致 2000 万美元被盗。这次攻击发生在世界标准时间晚上 10:30 左右，是通过利用平台内的捐赠功能精心策划的，攻击者可以操纵汇率并窃取各种代币。

Sonne Finance Hack: Decentralized Lending Protocol Loses $20 Million, Token Value Plummets

Sonne Finance 黑客攻击：去中心化借贷协议损失 2000 万美元，代币价值暴跌

On May 14th, at approximately 10:30 pm UTC, decentralized lending protocol Sonne Finance fell victim to a brazen cyberattack that resulted in the theft of $20 million worth of cryptocurrency. This catastrophic event has sent shockwaves through the industry and exposed critical vulnerabilities in the burgeoning DeFi sector.

5 月 14 日，世界标准时间晚上 10:30 左右，去中心化借贷协议 Sonne Finance 遭受了一次无耻网络攻击，导致价值 2000 万美元的加密货币被盗。这一灾难性事件给整个行业带来了冲击，并暴露了新兴 DeFi 领域的严重漏洞。

The perpetrators of this malicious plot exploited a flaw in Sonne Finance's "donation" feature, cleverly manipulating the platform's token markets to pilfer a vast array of digital assets. The attack targeted pairs offered by the platform, and the hackers managed to steal multiple tokens before their actions were detected and ultimately halted.

这一恶意阴谋的实施者利用了Sonne Finance“捐赠”功能的缺陷，巧妙地操纵该平台的代币市场，窃取了大量数字资产。攻击针对的是平台提供的货币对，黑客在其行为被发现并最终停止之前成功窃取了多个代币。

Sonne Finance, in a move to enhance its platform's functionality, had recently introduced token markets for Velodrome Finance's VELO in response to a community proposal. However, this move inadvertently created an opportunity for the attackers to exploit a two-day timelock embedded within the protocol.

为了增强其平台的功能，Sonne Finance 最近为 Velodrome Finance 的 VELO 引入了代币市场，以响应社区提案。然而，这一举动无意中为攻击者创造了利用协议中嵌入的两天时间锁的机会。

Timelock contracts are smart contracts designed to execute transactions at a predetermined time. In the case of Sonne Finance, this timelock was set to two days after it was initiated. The attacker, with cunning and malicious intent, donated substantial amounts of crypto assets to manipulate the exchange rate between two tokens. This deceptive tactic tricked the platform into believing there was sufficient collateral, a fabricated illusion.

时间锁合约是旨在在预定时间执行交易的智能合约。就 Sonne Finance 而言，该时间锁定被设置为启动后两天。攻击者怀着狡猾和恶意的意图，捐赠了大量的加密资产来操纵两种代币之间的汇率。这种欺骗手段让平台相信有足够的抵押品，这是一种捏造的错觉。

The attack was first detected by Cyvers, a renowned Web 3.0 security firm, approximately 25 minutes after its commencement. However, the exploit had already taken its toll on the Optimism blockchain version of the Sonne Finance platform, while the Base version remained unscathed.

这次攻击是由著名的 Web 3.0 安全公司 Cyvers 在攻击开始大约 25 分钟后首先发现的。然而，该漏洞已经对 Sonne Finance 平台的 Optimism 区块链版本造成了影响，而 Base 版本则毫发无伤。

The stolen cryptocurrency included Sonne Finance's USD Coin (USDC), Wrapped Ether (WETH) contracts, Velo (VELO), soVELO, and Wrapped USDC (USDC.e). The perpetrator swiftly converted $8 million worth of these digital currencies into Bitcoin (BTC) and Ethereum (ETH), transferring them to a newly created wallet address, leaving behind a trail of malicious activity.

被盗的加密货币包括 Sonne Finance 的美元硬币 (USDC)、Wrapped Ether (WETH) 合约、Velo (VELO)、soVELO 和 Wrapped USDC (USDC.e)。犯罪者迅速将价值 800 万美元的这些数字货币转换为比特币 (BTC) 和以太坊 (ETH)，并将其转移到新创建的钱包地址，留下了恶意活动的痕迹。

Sonne Finance, determined to recover its stolen assets, announced the suspension of all markets on the Optimism blockchain. The protocol has partnered with Cyvers to conduct a thorough investigation into the incident. Additionally, Sonne Finance has informed users that they are actively pursuing the recovery of the siphoned cryptocurrencies.

Sonne Finance 决心追回被盗资产，宣布暂停 Optimism 区块链上的所有市场。该协议已与 Cyvers 合作，对该事件进行彻底调查。此外，Sonne Finance 已通知用户，他们正在积极追回被吸走的加密货币。

In an attempt to entice the hacker to collaborate in identifying the vulnerability exploited, Sonne Finance has offered a 10% bug bounty, allowing the perpetrator to retain a portion of the stolen funds. However, the hacker's decision to transfer a significant amount of digital assets to a new wallet suggests a reluctance to engage in negotiations.

为了诱使黑客合作识别所利用的漏洞，Sonne Finance 提供了 10% 的漏洞赏金，允许犯罪者保留部分被盗资金。然而，黑客决定将大量数字资产转移到新钱包，这表明黑客不愿进行谈判。

This brazen attack on Sonne Finance highlights the ongoing challenges and vulnerabilities faced by the DeFi sector. It underscores the critical need for enhanced security measures and robust protocols to safeguard user funds and protect the integrity of decentralized finance.

这次对 Sonne Finance 的无耻攻击凸显了 DeFi 领域持续面临的挑战和漏洞。它强调了加强安全措施和强大协议的迫切需要，以保护用户资金并保护去中心化金融的完整性。

The incident serves as a wake-up call for the entire crypto community, emphasizing the paramount importance of vigilance, due diligence, and constant innovation to stay ahead of malicious actors. As the DeFi landscape continues to evolve, it is imperative that protocols, exchanges, and users alike remain vigilant to combat cyber threats and ensure the integrity of the burgeoning digital asset ecosystem.

该事件为整个加密货币社区敲响了警钟，强调了保持警惕、尽职调查和不断创新以领先于恶意行为者的至关重要性。随着 DeFi 格局的不断发展，协议、交易所和用户都必须保持警惕，以应对网络威胁并确保新兴数字资产生态系统的完整性。