Lending protocol Sonne Finance was forced to pause operations after suffering a hack that drained $20 million worth of cryptocurrencies from the market.

On May 14, around 10:30 pm UTC, Web3 security firm Cyvers detected an ongoing attack on Sonne Finance’s USD Coin (USDC) and Wrapped Ether (WETH) contracts.

However, when Sonne Finance became aware of the situation 25 minutes later, the hacker had already stolen $20 million in WETH, VELO (VELO), soVELO and Wrapped USDC (USDC.e).

On May 15 at 12:11 am UTC, Sonne Finance announced on X that “All markets on Optimism have been paused.” Soon after, the protocol partnered with Cyvers to investigate the situation further.

Sonne is currently exploring all options to retrieve the stolen funds, including negotiating a bug bounty for the hacker. In such situations, the hacker returns most of the stolen funds and keeps roughly 10% of the loot as a reward for finding a security flaw.

However, the hacker seems to be in no mood for negotiations. According to blockchain investigator PeckShield, the exploiter has already moved a large chunk of the loot ($7.8 million) to a new wallet address.

The exploiter then swapped 59 WBTC for roughly 1,185 ETH and 183,000 Dai (DAI). The move suggests an intent to siphon the stolen funds through a privacy protocol like Tornado Cash to deter traceability.

Sonne Finance’s post-mortem found that a donation attack was conducted on Sonne’s Compound v2 forks, which had a known bug, according to X community member PoorBabyCorn.

They accused Sonne Finance of using Compound v2 despite knowing the risks and asked, “If this isn’t a premeditated backdoor, what is?”

In parallel, the main hedge fund of crypto institutional investment firm BlockTower Capital has reportedly been exploited and partially drained.

The funds have not been recovered, and BlockTower has employed blockchain forensic analysts to trace the funds and determine how they were breached. The exploiter has also not been arrested, Bloomberg reported on May 15, citing people familiar with the matter.

Related: Stolen Poloniex Ether worth $53M never made it back to the exchange

Its partners have been informed about the incident. It reportedly has $1.7 billion in assets under management.

BlockTower did not immediately respond to Cointelegraph’s request for comment.

In February last year, BlockTower seemingly lost around $1.5 million in the $2 million exploit of the multichain exchange aggregator Dexible.

Dexible said that around 85% of the stolen funds were from a “few big whales.” On-chain intelligence platform Arkham Intelligence labeled a wallet drained of $1.5 million as belonging to BlockTower.

Magazine: ‘Sic AIs on each other’ to prevent AI apocalypse: David Brin, sci-fi author