Sonne 金融遭黑客攻击：2000 万美元损失引发 60% SONNE 代币崩溃

针对去中心化借贷协议 Sonne Finance 的 2000 万美元漏洞导致其原生代币 SONNE 的价值下跌 60%。此次泄露涉及利用Compound V2 分叉进行的捐赠攻击，从 Sonne 的 USDC 和 WETH 合约中抽走了资金。该事件凸显了人们对Compound V2 分叉安全性的担忧，并引发了人们的疑问：这是否是一个有预谋的漏洞。 Sonne Finance正在积极追回资金，并已与黑客联系进行谈判。

Sonne Finance's Catastrophic Hack: $20 Million Meltdown Triggers 60% SONNE Token Plunge

Sonne Finance 遭遇灾难性黑客攻击：2000 万美元崩溃引发 SONNE 代币暴跌 60%

A devastating exploit has rocked the foundations of Sonne Finance, a renowned decentralized lending platform, siphoning approximately $20 million from its coffers. The repercussions of this cataclysmic event have sent shockwaves through the cryptocurrency industry, resulting in a staggering 60% plummet in the value of Sonne Finance's native token, SONNE.

一次毁灭性的攻击动摇了著名的去中心化借贷平台 Sonne Finance 的根基，从其金库中挪走了大约 2000 万美元。这一灾难性事件的影响给加密货币行业带来了冲击，导致 Sonne Finance 的原生代币 SONNE 的价值暴跌 60%。

Initial Breach Detection and Announcement

初始违规检测和公告

The nefarious activity was first detected at approximately 10:00 PM UTC on May 14th, 2024, by Cyvers Alerts, a leading Web3 security firm. Initial investigations revealed that the hacker had already pilfered $3 million from Sonne Finance's USDC and WETH contracts.

领先的 Web3 安全公司 Cyvers Alerts 于 2024 年 5 月 14 日世界标准时间晚上 10:00 左右首次检测到这一恶意活动。初步调查显示，黑客已经从 Sonne Finance 的 USDC 和 WETH 合约中窃取了 300 万美元。

"ALERT! We have detected an attack on @SonneFinance, $3 million have been stolen from their USDC and WETH contracts. Please contact us for more information." - Cyvers Alerts (@CyversAlerts) May 14, 2024

“警报！我们检测到 @SonneFinance 遭到攻击，他们的 USDC 和 WETH 合约中的 300 万美元被盗。请联系我们了解更多信息。” - Cyvers 警报 (@CyversAlerts) 2024 年 5 月 14 日

Sonne Finance Confirms Breach and Suspends Operations

Sonne Finance 确认违规并暂停运营

Barely 25 minutes after Cyvers Alerts' initial alert, Sonne Finance corroborated the suspicions, confirming the hack and suspending its operations on the Optimism platform. However, the company reassured users that markets on its Base platform remained secure and promised to provide further updates.

在 Cyvers Alerts 首次发出警报后不到 25 分钟，Sonne Finance 证实了这一怀疑，确认了黑客攻击，并暂停了 Optimism 平台上的运营。然而，该公司向用户保证其 Base 平台上的市场仍然安全，并承诺提供进一步的更新。

"All markets on Optimism have been paused. Markets on Base are safe. We'll provide more information with time." - Sonne Finance (@SonneFinance) May 15, 2024

“所有 Optimism 市场都已暂停。Base 市场是安全的。我们将及时提供更多信息。” - Sonne Finance (@SonneFinance) 2024 年 5 月 15 日

Post-Mortem Investigation Unravels Details of Exploit

尸检调查揭示了漏洞利用的细节

In a post-mortem report released the following morning, Sonne Finance painstakingly outlined the modus operandi of the breach. The investigation unearthed a highly sophisticated donation attack executed on Sonne's Compound V2 forks, which laid the groundwork for the exploit.

在第二天早上发布的事后报告中，Sonne Finance 煞费苦心地概述了此次泄露的作案手法。调查发现了对 Sonne 的Compound V2 叉子执行的高度复杂的捐赠攻击，这为该漏洞利用奠定了基础。

Exploit Details and Perpetrator's Manipulation

利用细节和犯罪者的操纵

According to Sonne Finance's meticulous probe, the exploit was meticulously orchestrated following the passage of a protocol to add VELO markets to Sonne. The perpetrator, exploiting the two-day timelock contract, initiated a series of strategic donations designed to manipulate the system's algorithm.

根据 Sonne Finance 的细致调查，该漏洞是在向 Sonne 添加 VELO 市场的协议通过后精心策划的。犯罪者利用两天的时间锁合约发起了一系列旨在操纵系统算法的战略捐赠。

These calculated actions allowed the attacker to pilfer over a million units of Velo, Ether, and USDC, which were subsequently converted into Bitcoin (BTC) and Ether (ETH) and transferred to a newly created wallet address.

这些经过计算的操作使攻击者能够窃取超过 100 万单位的 Velo、以太币和 USDC，这些货币随后被转换为比特币 (BTC) 和以太币 (ETH) 并转移到新创建的钱包地址。

"The @SonneFinance team deployed the $VelodromeV2 market contract 4 days ago... Then, two days ago, they scheduled an operation to add $VelodromeV2 to the market... Here's the problem: It's been over a year since the First Deposit... bug." - PoorBabyCorn (@GiantBabyCorn) May 15, 2024

“@SonneFinance 团队在 4 天前部署了 $VelodromeV2 市场合约...然后，两天前，他们安排了一项操作，将 $VelodromeV2 添加到市场...问题是：距离首次存款已经一年多了... 漏洞。” -PoorBabyCorn (@GiantBabyCorn) 2024 年 5 月 15 日

Independent Developer Questions Premeditation

独立开发者质疑预谋

An independent developer working on the X platform raised alarming concerns that the same bug had been plaguing users for over a year. This prompted the developer to question whether Sonne Finance's decision to proceed with the Compound V2 fork was a deliberate attempt to create a "premeditated backdoor."

一位在 X 平台上工作的独立开发人员提出了令人担忧的担忧，因为同样的错误已经困扰用户一年多了。这促使开发者质疑 Sonne Finance 继续进行Compound V2分叉的决定是否是故意尝试创建“有预谋的后门”。

Recovery Efforts and Negotiations with Hacker

恢复工作以及与黑客的谈判

Sonne Finance has reportedly exhausted all available avenues to reclaim the stolen funds, including reaching out to Cyvers Alerts for assistance. Furthermore, the company initiated negotiations with the perpetrator, offering a 10% bug bounty in exchange for the return of the remaining funds. However, the hacker has thus far remained unmoved by the offer.

据报道，Sonne Finance 已用尽所有可用途径来追回被盗资金，包括向 Cyvers Alerts 寻求帮助。此外，该公司还与肇事者展开谈判，提供 10% 的漏洞赏金，以换取剩余资金的返还。然而，到目前为止，黑客仍然对这一提议不为所动。

SONNE Token Tanks Amidst Market Panic

SONNE 代币在市场恐慌中下跌

The catastrophic exploit on Sonne Finance triggered a wave of panic selling that sent the value of its native SONNE token plummeting by a staggering 60% in just 24 hours. As of 11:00 AM UTC on May 15th, 2024, SONNE had plunged from $0.06491 to a mere $0.02377.

Sonne Finance 的灾难性漏洞引发了一波恐慌性抛售，导致其原生 SONNE 代币的价值在短短 24 小时内暴跌 60%。截至 2024 年 5 月 15 日上午 11:00（世界标准时间），SONNE 已从 0.06491 美元暴跌至仅 0.02377 美元。

"SONNEN Token as of 11:00 AM UTC on May 15, 2024." (Source: CoinMarketCap)

“SONNEN 代币截至 2024 年 5 月 15 日上午 11:00 UTC。” （来源：CoinMarketCap）

Concurrent with the token's precipitous decline, its trading volume surged by an astonishing 293%, with over $484,800 worth of SONNE being exchanged between addresses. Sonne Finance's token has a finite supply of 100 million units, with approximately 79.93 million currently in circulation, resulting in an estimated market capitalization of approximately $2 million.

在该代币急剧下跌的同时，其交易量惊人地飙升了 293%，地址之间交换的 SONNE 价值超过 484,800 美元。 Sonne Finance 的代币供应量有限，为 1 亿个，目前流通中的代币约为 7,993 万个，预计市值约为 200 万美元。

Conclusion

结论

The $20 million exploit on Sonne Finance serves as a stark reminder of the vulnerabilities that continue to plague the decentralized finance (DeFi) sector. The incident has raised questions about the platform's security protocols and the potential for premeditated attacks. Sonne Finance's efforts to recover the stolen funds and stabilize the value of its native token remain ongoing, but the full repercussions of this catastrophic event are yet to be fully realized. As the DeFi ecosystem matures, it is imperative that platforms prioritize robust security measures to safeguard user assets and maintain investor confidence.

Sonne Finance 价值 2000 万美元的漏洞清楚地提醒人们，继续困扰去中心化金融（DeFi）领域的漏洞。该事件引发了对该平台安全协议和预谋攻击可能性的质疑。 Sonne Finance 仍在继续努力追回被盗资金并稳定其原生代币的价值，但这一灾难性事件的全面影响尚未完全实现。随着 DeFi 生态的成熟，平台必须优先考虑强有力的安全措施，以保护用户资产并维护投资者信心。