Sonne Finance, a decentralized lending protocol operating on the Optimism layer-2 network, has been hit by a major exploit, resulting in the loss of around $20 million worth of cryptocurrencies.
The incident has forced the platform to suspend all its markets on Optimism, while its markets on other networks remain operational.
TLDR
- Sonne Finance, a decentralized lending protocol on Optimism, suffered a $20 million exploit, leading to the suspension of all its markets on Optimism.
- The exploit was attributed to a vulnerability in Compound v2 forks, which Sonne Finance is based on.
- The hacker drained funds from Sonne Finance’s USDC and WETH contracts in two transactions, taking $3 million initially and then $17 million.
- Sonne Finance has offered a bounty to the attacker to return the funds, but the attacker seems uninterested and has moved a significant portion of the stolen funds.
- Another crypto firm, BlockTower Capital, also reported an exploit that drained funds from one of its hedge funds, though details remain scarce.
The attack, which occurred on May 14, targeted Sonne Finance’s USD Coin (USDC) and Wrapped Ether (WETH) contracts.
According to reports, the hacker executed the exploit in two separate transactions, initially draining around $3 million and then following up with a larger siphon of approximately $17 million.
Sonne Finance’s post-mortem analysis revealed that the exploit was made possible by a vulnerability in Compound v2 forks, a known issue in the codebase on which the lending protocol was built.
Compound v2 is a popular decentralized finance (DeFi) protocol, and several other projects, such as LayerBank, Mendi Finance, Orbit on Blast, Ionic, and Iron Bank, are also forks of the same codebase, potentially exposing them to similar risks.
The lending protocol became aware of the attack roughly 25 minutes after it had taken place, as reported by the blockchain security firm PeckShield.
#PeckShieldAlert @SonneFinance exploiter-labeled address has transferred $7.8M worth of cryptos, including 100 $WBTC & 556.1 $ETH, to a new address 0x6277…4c07 #Optimism
— PeckShieldAlert (@PeckShieldAlert) May 15, 2024
PeckShield had initially warned Sonne Finance to check their timelock contract, which was likely the entry point for the attack.
In response to the incident, Sonne Finance has taken swift action, pausing all markets on the Optimism network to prevent further losses.
The team has also expressed its willingness to offer a bug bounty to the attacker in exchange for the return of the stolen funds, a common practice in the industry aimed at incentivizing ethical disclosure of vulnerabilities.
The hacker appears to be uninterested in negotiations, as blockchain investigator PeckShield has observed that a significant portion of the stolen funds, amounting to approximately $7.8 million, has already been moved to a new wallet address.
The attacker has also swapped a portion of the stolen funds for other cryptocurrencies, potentially in an attempt to obfuscate the trail and evade traceability.
Adding to the turmoil in the crypto space, Bloomberg reported on May 15 that BlockTower Capital, a prominent crypto investment firm, has also been targeted by an exploit that partially drained one of its hedge funds.
While details remain scarce, BlockTower Capital has reportedly employed blockchain forensic analysts to trace the stolen funds and investigate the breach.
The incidents highlight the ongoing security challenges faced by the DeFi ecosystem, which has become a lucrative target for cybercriminals due to the substantial amounts of capital locked in these protocols.
Despite efforts to improve security measures, vulnerabilities in smart contracts and other attack vectors continue to pose significant risks.