Hacker Reportedly Bypasses Sonic Labs Wallet Freeze, Moves 21 Million $S Tokens

• Hacker exploited Permit2 function to transfer 21 million $S tokens despite frozen wallets on November 3.

• The attacker swapped tokens for USDC on Kyber Network and bridged funds to Ethereum, evading Sonic Labs’ security measures.

• Community backlash intensified over Sonic’s slow action, with reports indicating a Balancer vulnerability affected multiple chains including Sonic.

Sonic Labs faces scrutiny after hackers bypassed wallet freezes in the Beets Fi exploit, moving millions in $S tokens. Discover the security flaw details and community reactions—stay informed on crypto risks today.

What is the Sonic Labs Beets Fi Exploit?

The Sonic Labs Beets Fi exploit refers to a security breach on November 3, 2025, where attackers targeted the Beets Fi protocol on the Sonic blockchain, exploiting a vulnerability linked to Balancer. Sonic Labs responded by freezing two suspicious wallets to prevent further movement of stolen assets, but the hacker used an off-chain Permit2 approval to bypass the freeze and transfer 21 million staked $S tokens. This event underscores ongoing challenges in blockchain security, particularly with cross-chain protocols.

How Did the Hacker Bypass the Sonic Labs Wallet Freeze?

The hacker employed a gasless Permit2 function, an off-chain approval mechanism, to unlock and move funds from one of the frozen wallets without incurring transaction fees or triggering on-chain locks. According to on-chain data analyzed by blockchain explorers like SonicScan, the attacker then swapped the 21 million $S tokens for USDC via Kyber Network before bridging the proceeds to the Ethereum network. This method exploited the limitations of Sonic Labs’ freeze, which only halted on-chain transactions but not pre-approved off-chain permissions.

Community members, including crypto analysts on platforms like X, pointed out that the freeze was implemented around 3:45 a.m. EST on November 3, targeting wallets labeled “0xf19f…6bfae2” and “0x0453…be941c.” Despite the intent to protect users and limit losses, the bypass revealed gaps in the protocol’s design. Experts from blockchain security firms, such as those referenced in industry reports from PeckShield, have noted similar vulnerabilities in DeFi systems, emphasizing the need for multi-layered approvals.

The incident ties back to a broader Balancer vulnerability affecting multiple chains, where liquidity pools were manipulated to drain funds. Sonic Labs’ team publicly acknowledged the suspicious activity in a statement, committing to transparency by sharing wallet details. However, the lack of an immediate patch fueled criticism, with users highlighting the protocol’s perceived centralization, as freezes require administrative intervention.

Reports from crypto influencers, including @YankeeRuinX and @HalscionRose, confirmed the transfer, noting the hacker unloaded the assets and bridged them to Ethereum approximately an hour before public disclosure. The $S trading pair on Solana now carries a freeze warning, amplifying concerns over token liquidity and exchange risks.

Frequently Asked Questions

What Caused the Beets Fi Exploit on Sonic Labs?

The Beets Fi exploit stemmed from a Balancer vulnerability that allowed unauthorized access to liquidity pools on the Sonic blockchain. Attackers drained funds on November 3, 2025, prompting Sonic Labs to freeze affected wallets. Security analyses indicate the issue affected multiple chains, with losses estimated in the millions across protocols.

Why Did the Sonic Labs Freeze Fail to Stop the Hacker?

Sonic Labs’ freeze mechanism locked on-chain transactions but overlooked off-chain approvals like the Permit2 function, enabling the hacker to authorize and execute transfers without gas fees. This gap, as discussed in community forums and expert reviews, highlights the need for comprehensive security audits in DeFi environments.

Key Takeaways

• Permit2 Bypass Vulnerability: Off-chain approvals can undermine on-chain freezes, exposing protocols to sophisticated attacks that evade traditional safeguards.
• Community Backlash on Response Time: Sonic Labs’ delayed follow-up and silence post-exploit eroded user trust, underscoring the importance of rapid communication in crypto incidents.
• Broader Implications for DeFi Security: Incidents like this call for enhanced multi-chain audits and decentralized freeze alternatives to reduce centralization risks.

Conclusion

The Sonic Labs Beets Fi exploit and subsequent wallet freeze bypass reveal critical vulnerabilities in blockchain security, particularly with tools like Permit2 and Balancer integrations. As the crypto community demands greater transparency and quicker responses from projects like Sonic Labs, this event serves as a reminder of the evolving threats in DeFi. Stakeholders should prioritize robust audits and user education to mitigate future risks—monitor developments closely for updates on protocol enhancements and recovery efforts.

The firm is currently facing backlash from the crypto space about its lack of quick action and weak security response after the wallet freeze failed.

Key Highlights

• Hacker bypassed Sonic Labs’ freeze and moved 21 million staked $S tokens.
• The attacker used a gasless Permit2 off-chain approval to transfer funds despite two wallets being frozen on Nov 3.
• Community backlash grew over Sonic’s slow follow-up and perceived centralization after the freeze failed.

In the latest development on the Beets Fi exploit, hackers who previously attacked the protocol on November 3 have reportedly managed to bypass the wallets frozen by Sonic Labs and move the stolen funds.

The breach occurred on the Sonic blockchain, and the company is currently being criticized by the crypto community for the alleged flaw in its security.

Hacker moves 21 million tokens despite freeze

The exploiter was said to have used a gasless tool called Permit2 function to unlock one of the frozen wallets and move 21 million staked Sonic tokens. They then swapped the tokens for USDC on Kyber Network and quickly bridged the funds to Ethereum.

Sonic Labs had frozen two wallets a week earlier to stop the stolen assets from being moved following the initial Beets Fi hack. However, this new trick allowed the hacker to transfer funds even though the wallets were supposed to be locked.

Sonic’s early freeze fails to stop the attack

The firm first noticed the “suspicious activity” connected to Beets Fi around 3:45 a.m. EST on November 3. In a post on X, the team stated that the freeze was done to protect users and limit losses.
The affected wallet shared at the time had the tags “0xf19f…6bfae2 ” and “0x0453…be941c”. They were made public via SonicScan for transparency. Users with funds in those addresses were unable to make transactions during the freeze.

The exploit was linked to a Balancer vulnerability that impacted several chains, including Sonic’s Beets Fi system. Many in the community criticized the firm over its silence and the lack of an immediate patch.

Crypto influencer @YankeeRuinX confirmed the transfer in a post on X: “Welp guess that didn’t work as seems the hacker managed to transfer all the stolen funds an hour ago to a new address and has unloaded the 21M $stS plus other assets and bridged out to $ETH.”

Another user, @HalscionRose, commented, “Sonic having a bad day. The hacker used a gasless permit function to ‘unfreeze’ his wallet, move the $stS balance & subsequently dump it.”

The situation has made users call for answers, as the $S trading pair on Solana has now been given a freeze warning.