Is DeFi Protocol Security Really Improving? New Round of Cyber Attacks Steals $25 Million

May 28, 2024

Though it’s not one of the largest examples of successful thefts from DeFi protocols, a recent wave of thefts that took place about a week ago has raised fresh questions about resiliency against cyber attacks and the safety of investor money.

The biggest of these cyber attacks was a theft from Sonne Finance totaling $20 million in assets. At about the same time (though very likely pulled off by different threat actors), ALEX Lab had about $4.3 million stolen and investment firm BlockTower Capital lost about $1.5 million to hackers.

Cyber attacks once again shake confidence in DeFi

DeFi protocols seemed to be slowly rebuilding their reputation for security after a disastrous wave of major thefts from platforms in 2022 and 2023, the vast bulk of these perpetrated by North Korea’s state-backed hackers. A collective $25 million between three events is a relative drop in the bucket compared to the billions in total losses to cyber attacks that have come before, but any “crime wave” of this sort in the space definitely attracts notice given the recent past.

A standardized defense against cyber attacks has not really been established yet, but DeFi protocols have been addressing the security (and investor confidence) issue in a variety of ways. The recent incidents do show where there remain areas for improvement, however, namely in terms of tightening up smart contracts and ironing out potentially exploitable glitches. AI may also have a significant role to play, as detection by a third-party system a few minutes prior looks to have saved at least several million more dollars from being stolen.

Bugs, key compromise continue to haunt DeFi protocols

In addition to seeing a $20 million loss, Sonne had to temporarily shut down its Optimism Market (the Base version remains unaffected) and the SONNE token lost 60% of its value (and is still struggling to recover any ground a week later). That attack was caused by a known bug that had previously been pointed out on social media by independent security researchers.

When Sonne added new token markets for Velodrome Finance’s VELO, an opportunist saw an opening. A smart contract was time-locked to execute after two days, with the attacker “donating” large amounts of crypto to alter the token’s exchange rate. This technique can be used to trick DeFi protocols into registering more collateral than is actually present, which was the approach here.
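The exchange-rate sensitivity described above, as an added example that is not Sonne's code and not part of the original article: a toy Python model of a share-based lending market, assuming the exchange rate is the market's cash divided by shares outstanding. It compares a balance-derived rate with internally accounted cash and adds a minimum-supply listing check; every name and threshold here is hypothetical.

```python
from dataclasses import dataclass
from fractions import Fraction

@dataclass
class Market:
    """Toy share-based lending market. Assumed model, not Sonne's contract code."""
    internal_accounting: bool   # hardened variant: only deposit() changes accounted cash
    token_balance: int = 0      # underlying tokens the contract actually holds
    accounted_cash: int = 0     # underlying recorded through deposit()
    total_shares: int = 0       # collateral shares issued to depositors

    def cash(self) -> int:
        return self.accounted_cash if self.internal_accounting else self.token_balance

    def exchange_rate(self) -> Fraction:
        # Underlying per share; an empty market starts at 1:1.
        return Fraction(self.cash(), self.total_shares) if self.total_shares else Fraction(1)

    def deposit(self, amount: int) -> int:
        shares = amount * self.total_shares // self.cash() if self.total_shares else amount
        self.token_balance += amount
        self.accounted_cash += amount
        self.total_shares += shares
        return shares

    def donate(self, amount: int) -> None:
        # Direct token transfer: raises the balance but issues no shares.
        self.token_balance += amount

def rate_after_donation(seed_deposit: int, donation: int, internal_accounting: bool) -> Fraction:
    """Exchange rate of a market holding `seed_deposit` after an unsolicited `donation`."""
    m = Market(internal_accounting)
    m.deposit(seed_deposit)
    m.donate(donation)
    return m.exchange_rate()

def listing_is_safe(m: Market, min_shares: int = 10**6) -> bool:
    """Pre-listing check (assumed threshold): no collateral use until the market is seeded."""
    return m.total_shares >= min_shares

if __name__ == "__main__":
    print("near-empty, balance-derived:", rate_after_donation(2, 1_000_000, False))
    print("near-empty, internal cash:  ", rate_after_donation(2, 1_000_000, True))
    print("seeded, balance-derived:    ", float(rate_after_donation(10**9, 1_000_000, False)))
```

The same donation moves the rate of a seeded market by a tenth of a percent, which is why a newly listed, nearly empty market is the case to guard before it can back any borrowing.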

Sonne’s stolen funds seem to be gone, with the attackers very quickly transferring them to other cryptocurrencies en route to Tornado Cash mixing and not responding at all to negotiation offers. The outcome of the other two cyber attacks remains in question. ALEX Lab says that it knows the identity of whoever stole an XLink bridge private key and made off with a total of $4.3 million in bitcoin and other stablecoins. The group is trying to reach out to this party to negotiate a 10% “bounty” if the stolen funds are returned. BlockTower Capital says that it has brought in a third party to perform a forensic investigation, but is facing much less of a financial obstacle if the money is not recovered.
