Azoundria: Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/sunrayfinancemaliciousupgradeandtokenminting.php}} {{Unattributed Sources}} Sunray Finance Logo/HomepageSunray Finance offered a decentralized exchange on the Arbitrum blockchain. They claimed to have the backing of Japan's SoftBank, and their Twitter links to the SoftBank website, however SoftBank does not appear to have officially provided a public end..."

2024-12-06T22:36:14Z

Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/sunrayfinancemaliciousupgradeandtokenminting.php}} {{Unattributed Sources}} thumb|Sunray Finance Logo/HomepageSunray Finance offered a decentralized exchange on the Arbitrum blockchain. They claimed to have the backing of Japan's SoftBank, and their Twitter links to the SoftBank website, however SoftBank does not appear to have officially provided a public end..."

New page

{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/sunrayfinancemaliciousupgradeandtokenminting.php}}
{{Unattributed Sources}}

[[File:Sunrayfinance.jpg|thumb|Sunray Finance Logo/Homepage]]Sunray Finance offered a decentralized exchange on the Arbitrum blockchain. They claimed to have the backing of Japan's SoftBank, and their Twitter links to the SoftBank website, however SoftBank does not appear to have officially provided a public endorsement of their project. On October 29th, 2024, a new upgrade took place on their smart contract. The upgrade allowed for the minting of a massive number of tokens, which were immediately swapped. It is alleged that this activity has nothing to do with the Sunray Finance team and that the private key was compromised. It appears that a large chunk of the potentialy loot was lost to an arbitrage bot, which managed to insert an arbitrage trade, exploiting the difference in two separate liquidity pools. However, the attacker still made off with close to $3m. The Sunray Finance team appears to be working with the Binance security team on a potential recovery, however there have been no new updates since early November. The Sunray Finance website is presently offline, however their Twitter account still exists.<ref name="cointelegraph-16932" /><ref name="matchsystemstwitter-16933" /><ref name="coinness-16934" /><ref name="cryptopolitan-16935" /><ref name="sunrayfinancearchive-16936" /><ref name="sunraydextwitter-16937" /><ref name="chaincatcher-16938" /><ref name="web3isgoinggreat-16939" /><ref name="tenarmoralerttwitter-16940" /><ref name="arbiscan-16941" /><ref name="arbiscan-16942" /><ref name="arbiscan-16943" /><ref name="arbiscan-16944" /><ref name="sunraydextwitter-16945" /><ref name="sunraydextwitter-16946" /><ref name="cryptorank-16947" /><ref name="sunraydextwitter-16948" /><ref name="sunraydextwitter-16949" />

== About Sunray Finance ==
"Sunray DEX is a new attempt at building a blockchain-based market on Arbitrum. The DEX was created with the involvement of SoftBank, though the project is not listed on its portfolio page. The Sunray DEX X account also communicated in a way that singled it out as a crypto outsider, taking a long time to launch in a dynamic environment where new tokens and DEX build up their activity much faster."

"SUN is a reserve currency that provides an open financial service platform. Focus on co building SUNRAYDEX's global business, supported by SoftBank.TBCAsoft."

"The Sunray DEX has a landing page, but most of its features are still inactive. The Sunray Finance protocol promised an extremely high passive income of 299% for SUN, with the addition of the ARC governance token."

== The Reality ==
This sections is included if a case involved deception or information that was unknown at the time. Examples include:

* When the service was actually started (if different than the "official story").
* Who actually ran a service and their own personal history.
* How the service was structured behind the scenes. (For example, there was no "trading bot".)
* Details of what audits reported and how vulnerabilities were missed during auditing.

== What Happened ==
"SUNRAY FINANCE experienced a private key compromise, allowing the exploiter to gain control of the SUN and ARC tokens and sell them off, draining the funds from DEX pairs. So far, the attacker has stolen approximately $2.855 million."
{| class="wikitable"
|+Key Event Timeline - Sunray Finance Malicious Upgrade And Token Minting
!Date
!Event
!Description
|-
|September 4th, 2024 1:53:24 AM MDT
|Last Capture Of Sunray Finance Website
|The last capture of the Sunray Finance website, which appears to be offline.
|-
|October 29th, 2024 9:45:06 PM MDT
|Smart Contract Upgraded
|The smart contract is upgraded to a malicious version, which allows for the minting of new SUN tokens.
|-
|October 29th, 2024 9:46:35 PM MDT
|Malicious Token Generation
|The new malicious smart contract mints 200,000,000,000,000,000,000,000 SUN token.
|-
|October 29th, 2024 9:47:37 PM MDT
|Newly Minted Token Swap
|The attacker swaps half of the newly minted tokens using one of the main liquidity providers. In the same block, an arbitrage bot automatically swaps using the other liquidity option. Multiple sources claim that the attacker overlooked this second source of liquidity, however the attacker maintained half of their SUN tokens, suggesting they actually intended to swap on both liquidity pools.
|-
|October 30th, 2024 5:15:00 AM MDT
|Transfer Update Post
|The team reports that they "are currently working hard to restore" "SUN and ARCToken treasury assets" which were transfered at noon that day.
|-
|October 30th, 2024 3:20:18 PM MDT
|CryptoPolitan News Article
|According to CryptoPolitan, "Neither Sunray Finance nor Sunray Swap have reported a hack through their channels. The investigation is ongoing, as the native SUN token is now practically worthless. Sunray Finance claimed its smart contracts were audited, but the project’s social media suggest it was not prepared enough for the latest DEX and Web3 challenges and attacks."
|-
|October 30th, 2024 8:24:00 PM MDT
|TenArmor Alert Posted
|TenArmor posts an alert about the suspicious attack, with losses estimated at $2.7m.
|-
|October 31st, 2024 8:46:00 AM MDT
|Update Posted Twitter
|The Sunray Finance team posts an update with an official statement about the exploit and path forward.
|-
|November 4th, 2024 11:11:00 PM MST
|Another Twitter Update
|The Sunray Finance team posts to notify that they are wroking with the Binance security team.
|}

== Technical Details ==
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

== Total Amount Lost ==
The total amount lost has been estimated at $2,885,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

== Immediate Reactions ==
"Decentralized exchange Sunray Finance has been drained of $2.855 million due to a private key compromise, blockchain security firm CertiK reported on X via its CertiK Alert account. The hacker acquired ownership of SUN and ARC tokens and minted a large number of tokens before dumping them."

"Perpetuals trading protocol Sunray Finance on Arbitrum was exploited for $2.7 million on Oct. 30, when an attacker managed to upgrade the protocol’s contract and mint two-hundred sextillion (200,000,000,000 trillion) of the protocol’s native SUN token, according to a report from blockchain security firm TenArmor.

The attacker subsequently swapped half of the tokens for $2.1 million worth of Tether (USDT). The attack collapsed the SUN price.

The exploiter appears to have overlooked the fact that there was a second liquidity pool for SUN. In the very next block, an arbitrage bot purchased approximately 90 sextillion SUN from the pool that the attacker had dumped the coins into, which it then sold into the second pool at a profit of approximately $560,000 worth of Ether (ETH). This collapsed the price in the second pool as well."

== Ultimate Outcome ==
"Sunray Treasury Asset Transfer Statement, Treasury as a public asset of the community, is secure, transparent, publicly traceable, and we are accelerating and working hard to recover all data. Please be patient and wait for specific details"

"At present, we have contacted the Binance/BM security team and everyone is patiently waiting. We are actively handling the work related to this incident and believe that there will be results soon"

== Total Amount Recovered ==
There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

== Ongoing Developments ==
What parts of this case are still remaining to be concluded?
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}

{{Prevention:Individuals:End}}

== Platform Prevention Policies ==
{{Prevention:Platforms:Placeholder}}

{{Prevention:Platforms:End}}

== Regulatory Prevention Policies ==
{{Prevention:Regulators:Placeholder}}

{{Prevention:Regulators:End}}

== References ==
<references><ref name="cointelegraph-16932">[https://cointelegraph.com/news/btc-scammers-sunray-finance-crypto-sec https://cointelegraph.com/news/btc-scammers-sunray-finance-crypto-sec] (Accessed Dec 6, 2024)</ref>

<ref name="matchsystemstwitter-16933">[https://twitter.com/MatchSystems/status/1856666253462495237 @MatchSystems Twitter] (Accessed Dec 6, 2024)</ref>

<ref name="coinness-16934">[https://coinness.com/en/news/32526 CoinNess] (Accessed Dec 6, 2024)</ref>

<ref name="cryptopolitan-16935">[https://www.cryptopolitan.com/malicious-smart-contract-causes-2-8m-in-sun-token-losses-on-arbitrum/ https://www.cryptopolitan.com/malicious-smart-contract-causes-2-8m-in-sun-token-losses-on-arbitrum/] (Accessed Dec 6, 2024)</ref>

<ref name="sunrayfinancearchive-16936">[https://web.archive.org/web/20240904075324/https://www.sunray.finance/ SUNRAY] (Accessed Dec 6, 2024)</ref>

<ref name="sunraydextwitter-16937">[https://twitter.com/SUNRAY_DEX/status/1851583772531306605 @SUNRAY_DEX Twitter] (Accessed Dec 6, 2024)</ref>

<ref name="chaincatcher-16938">[https://www.chaincatcher.com/en/article/2149616 SUNRAY private key leaked, attackers have stolen $2.855 million - ChainCatcher] (Accessed Dec 6, 2024)</ref>

<ref name="web3isgoinggreat-16939">[https://www.web3isgoinggreat.com/single/sunray-finance-hack Sunray Finance hacked for $2.7 million] (Accessed Dec 6, 2024)</ref>

<ref name="tenarmoralerttwitter-16940">[https://twitter.com/TenArmorAlert/status/1851812530320216479 @TenArmorAlert Twitter] (Accessed Dec 6, 2024)</ref>

<ref name="arbiscan-16941">[https://arbiscan.io/tx/0x0e111a7070c7006fde55070eb9b9c0b8006abe371a91bd283859499b2ca6372e Arbitrum One Transaction Hash (Txhash) Details | Arbitrum One] (Accessed Dec 6, 2024)</ref>

<ref name="arbiscan-16942">[https://arbiscan.io/tx/0x1a7518af17b2f82e98b9ea6fa8e94bf4e8485390b7de7793ea0017ffbc426675 Arbitrum One Transaction Hash (Txhash) Details | Arbitrum One] (Accessed Dec 6, 2024)</ref>

<ref name="arbiscan-16943">[https://arbiscan.io/tx/0x6bf01fc425d2591ac34d41b6a193580079e2506206405841f9cb38881fbb74b2 Arbitrum One Transaction Hash (Txhash) Details | Arbitrum One] (Accessed Dec 6, 2024)</ref>

<ref name="arbiscan-16944">[https://arbiscan.io/tx/0x14b2c23397b5aa4239620cd1ad4c4ea3872f59c54feefdadd63ca3d36ae4af4f Arbitrum One Transaction Hash (Txhash) Details | Arbitrum One] (Accessed Dec 6, 2024)</ref>

<ref name="sunraydextwitter-16945">[https://twitter.com/SUNRAY_DEX/status/1851999280074002851 @SUNRAY_DEX Twitter] (Accessed Dec 6, 2024)</ref>

<ref name="sunraydextwitter-16946">[https://twitter.com/SUNRAY_DEX/status/1853681557057503697 @SUNRAY_DEX Twitter] (Accessed Dec 6, 2024)</ref>

<ref name="cryptorank-16947">[https://cryptorank.io/funds/softbank/portfolio?page=1 SoftBank Portfolio | CryptoRank.io] (Accessed Dec 6, 2024)</ref>

<ref name="sunraydextwitter-16948">[https://twitter.com/SUNRAY_DEX @SUNRAY_DEX Twitter] (Accessed Dec 6, 2024)</ref>

<ref name="sunraydextwitter-16949">[https://twitter.com/SUNRAY_DEX/status/1728445452318892097 @SUNRAY_DEX Twitter] (Accessed Dec 6, 2024)</ref></references>

Sunray Finance Malicious Upgrade And Token Minting - Revision history