ChainCatcher news, OKLink released the May 2024 security report, which indicates that the total losses from on-chain security incidents across the network in May amount to approximately $140 million. Among these, phishing incidents account for 60.08% of the losses, REKT incidents account for 16.89%, and RugPull incidents account for 1.37%.The largest security incident this month in terms of REKT losses was the attack on Sonne Finance, resulting in losses of approximately $20 million. The reason was that the protocol added a new VELO market through voting, but the project team failed to add initial funds to the VELO market in a timely manner, allowing hackers to exploit a classic rounding issue to manipulate the collateral rate of the VELO market for profit.In addition, there were a total of 27 incidents of scams and phishing attacks on official social media, primarily concentrated on X, Discord, and various phishing websites. The losses from security incidents this month increased by 27.27% compared to the previous month. OKLink reminds users to pay attention to the protection of personal information, never disclose your private keys or mnemonic phrases, and avoid storing them simply through screenshots. Furthermore, when transferring funds, be sure to carefully verify the recipient's address, and confirm its accuracy when copying directly from transaction records or chat logs. Security awareness is the strongest shield in the Web3 world.

According to ChainCatcher news, MistTrack monitored that a few hours ago, the Sonne Finance attacker address (0x606c6f5b814b66826ef958348989a68efdfab769) deposited 1600 ETH into Tornado Cash.Previously, Sonne Finance suffered an attack with losses exceeding 20 million dollars and has suspended its Optimism market.Afterwards, Sonne Finance posted on social media stating that they have been working with authorities and top experts to recover funds and identify the manipulators behind the scenes. They also announced a 15% public bounty as an additional reward to encourage tips for the arrest of the Sonne protocol attackers and the return of all stolen funds.

ChianCatcher news, Sonne Finance stated on platform X that the team has been working behind the scenes, engaging with relevant departments and collaborating with experts to recover funds and identify the attackers, committed to resolving this issue. The team announced a public bounty of 15% to reward informants who assist in the arrest of the attackers and the recovery of all stolen funds.Previously, it was reported that the Sonne Finance project was attacked, resulting in losses exceeding $20 million; subsequently, Sonne Finance stated in an on-chain message that they are willing to offer a 10% bounty on the stolen funds to the attackers.

ChainCatcher news, May 17, Sonne Finance stated in a message to the hacker on-chain that after two days of collaboration with experts in the crypto security field, they are confident in their ability to recover the funds stolen from the protocol by the attacker. However, this will be a lengthy process, and considering this, they are willing to offer a 10% bounty on the stolen funds to the attacker. If the attacker returns the remaining 90%, they will be considered a white hat hacker.If the attacker does not return the funds, the collected information will be shared with the relevant authorities and the public. The attacker must complete this action by May 17, 2024, at 21:00 UTC. For any questions, they can be contacted via email.Previously reported, on May 15, according to monitoring by PieShield, Sonne Finance was hacked, with current losses exceeding $20 million.

ChainCatcher message, Sonne Finance released an attack analysis report, which was a donation attack. Sonne had previously avoided this issue by adding a collateral factor of 0% to the market, adding collateral and performing burns, and then increasing c-factors based on proposals. Sonne recently passed a proposal to add a VELO market in Sonne, which arranged this transaction on a multi-signature wallet, and due to a 2-day time lock, also scheduled the execution of c-factors within 2 days.When the 2-day time lock for creating the market ended, the attacker executed 4 transactions, followed by a transaction to add c-factors to the market. The attacker was able to exploit the protocol through a known donation attack to acquire approximately $20 million in funds. Seal contributors quickly noticed the issue and added about $100 worth of VELO to retain the remaining approximately $6.5 million. Sonne is investigating the attacker and has suspended the market to mitigate further losses. Sonne is prepared to offer a bounty to the attacker, promising not to pursue the matter further if the attacker returns the funds.

ChainCatcher news, according to PeckShield monitoring, the attacker address of Sonne Finance has transferred $7.8 million worth of cryptocurrency to a new address starting with 0x6277, including 100 WBTC and 556.1 ETH.ChainCatcher previously reported, according to PeckShield monitoring, that the DeFi lending protocol Sonne Finance was hacked, and its timelock contract needs to be carefully checked, with losses exceeding $20 million. Sonne Finance posted on social media that all Optimism markets have been suspended. The markets on Base are safe, and more information will be provided in a timely manner.

ChainCatcher news, a member of the blockchain security company FuzzLand stated on the X platform that the team prevented over $6.5 million in assets on Sonne Finance from being further attacked by hackers with just $100.Specifically, the Optimism native lending protocol Sonne, based on Compound, has a common Compound V2 vulnerability where attackers can perform precision loss attacks when there are uninitialized new pools (soVELO). FuzzLand immediately detected the attack after the hacker's initial strike and found that the attacker held a soVELO position, which made it impossible for them to exploit it without liquidating the precision loss. FuzzLand then exchanged $100 for some VELO and added it to the soVELO pool, rendering the vulnerability no longer exploitable, thus protecting approximately $6.5 million of the remaining fund pool from being reused.Previous report mentioned that earlier today, the Sonne Finance protocol on the OP chain was attacked by a hacker using a flash loan, resulting in approximately $20 million in losses through multiple attacks.It is reported that FuzzLand is dedicated to automated auditing and on-chain real-time auditing, focusing on a model that reduces reliance on manual security audits through AI and fuzz testing + formal verification, and providing on-chain real-time firewalls for protocols or end users.

According to ChainCatcher news, Beosin Alert monitoring has discovered that the Sonne Finance protocol on the OP chain has been attacked by hackers using a flash loan attack, resulting in approximately $20 million in losses due to multiple attacks.The Beosin security team analyzed that the attackers borrowed VELO Tokens through flash loans and sent them to the soVELO contract via transfer, repeatedly creating new contracts to borrow various tokens from the Sonne Finance protocol and redeem VELO Token tokens. This operation was repeated until all funds were drained.Currently, the attackers are mainly holding the funds at the following addresses:0x02FA2625825917E9b1F8346a465dE1bBC150C5B90x5D0D99e9886581ff8fCB01F35804317f5eD80BBb0xae4A7cDe7C99fb98B0D5fA414aa40F0300531F43Beosin Trace will continue to monitor the movements of the stolen funds.

ChainCatcher news, based on the Compound native lending protocol Sonne Finance stated on social media that all Optimism markets have been suspended. The markets on Base are safe, and more information will be provided in a timely manner.ChainCatcher previously reported that according to monitoring by Shield, the Optimism native lending protocol Sonne Finance based on Compound was hacked, and its timelock contract needs to be carefully checked, with current losses exceeding 20 million dollars.

ChainCatcher message, according to the monitoring by Shield, the Optimism native lending protocol Sonne Finance based on Compound has been hacked, and its timelock contract needs to be carefully checked. Currently, the loss exceeds 20 million dollars.