The cryptocurrency industry was shaken when two major DeFi protocols, ALEX Lab and Sonne Finance, experienced hacking attacks. Because millions of dollars worth of crypto money was stolen. Here are the details…
$4.3 million hack at Alex Labs
On May 15, ALEX Lab, a Bitcoin DeFi application, reported a hacking incident that resulted in the theft of more than $4.3 million in various tokens. Security researchers at CertiK believe attackers gained access to a private key that controls ALEX’s XLink bridge, an important service that facilitates the transfer of tokens between different blockchains. The stolen funds included $300,000 worth of Bitcoin, $3.3 million worth of stablecoins, and $75,000 worth of Sugar Kingdom (SKO) tokens.
Following the attack, ALEX Lab developers confirmed the breach and surprisingly claimed to have identified the culprit. In a bold move, they offered a 10% reward for the return of 90% of the stolen cryptocurrency and attempted to effectively negotiate a recovery with the hacker. The team emphasized that the deadline for the hacker to comply was May 18 and promised that no legal action would be taken in exchange for cooperation.
Sonne Finance was hacked: $20 million worth of cryptocurrency was drained
Just a few hours before the ALEX Lab incident, credit protocol Sonne Finance became the target of another cyber attack. Web3 security firm Cyvers detected suspicious activity on the night of May 15, indicating an exploit was in progress targeting Sonne Finance’s USD Coin (USDC) and Wrapped Ether (WETH) contracts. Unfortunately, by the time Sonne Finance admitted to the attack, the hacker had already made off with a staggering $20 million worth of cryptocurrencies, including WETH, VELO (VELO), soVELO, and Wrapped USDC (USDC.e).
Sonne Finance immediately ceased operations on the Optimism platform and partnered with Cyvers to investigate the breach. Realizing the potential benefits of a collaborative approach, Sonne explored the possibility of offering a bug bounty to the hacker. This strategy usually involves the hacker returning the majority of the stolen funds for a reward, usually around 10%, as compensation for detecting a security flaw.
Hacker moves funds
But unlike the ALEX Labs scenario, negotiations with the Sonne Finance hacker appear to have hit a roadblock. Blockchain researcher PeckShield revealed that the hacker moved a significant portion of the stolen funds ($7.8 million) to a new wallet address. It’s a move that suggests an intention to distance themselves from crime. Further analysis shows that the hacker attempted to launder the stolen funds through a privacy protocol like Tornado Cash, making them even harder to track.
Sonne Finance’s post-mortem analysis revealed a critical detail: The attack exploited a known bug in Sonne’s Compound v2 forks. This statement sparked outrage in the crypto community, with some accusing Sonne Finance of willful negligence. Community member PoorBabyCorn questioned the platform’s decision to use a known buggy system, hinting at the possibility of a “premeditated backdoor.”
cryptokoin.com As we reported, reports of a separate attack targeting BlockTower Capital also emerged in the morning. Although details have yet to surface, sources familiar with the matter suggest that BlockTower’s main hedge fund was partially compromised, resulting in an undisclosed amount of lost funds. The stolen funds have not yet been recovered and BlockTower has reportedly deployed blockchain experts to track the stolen assets and detect the security breach. The company, which manages an estimated $1.7 billion in assets, has not yet made a public statement about the incident.
To be informed about the latest developments, follow us twitter‘in, Facebookin And InstagramFollow on and Telegram And YouTube Join our channel!