Sonne Finance, a decentralized lending protocol, suffered a significant exploit on its Optimism blockchain operations, leading to a dramatic 60% drop in the value of its SONNE token.
TLDR
- Sonne Finance’s decentralized lending protocol on the Optimism blockchain was exploited, leading to a loss of $20 million in cryptocurrencies, including Ether, Velodrome Finance’s VELO, and stablecoins. The exploit involved a “donation” attack, manipulating market conditions.
- The SONNE token’s value dropped by 60% to 2.5 cents, significantly reducing its market cap, as a direct consequence of the hack.
- Sonne Finance quickly paused operations on the Optimism blockchain to prevent further losses, although their operations on the Base blockchain were unaffected. Developers managed to prevent an additional $6.5 million from being stolen during the attack.
- Sonne Finance is exploring all options to retrieve the stolen funds, including offering a bounty for the return of the funds by the hacker. They have also partnered with cybersecurity firms to investigate the breach further.
- The incident has sparked discussions within the crypto community about the security of decentralized platforms and the effectiveness of current measures to prevent such exploits.
Early in the morning on May 15, 2024, attackers executed a sophisticated “donation” attack on Sonne Finance.
This type of exploit involves manipulating the market by artificially inflating the value of assets through deceptive transactions.
In this case, the attackers used this technique after the recent addition of Velodrome Finance’s VELO token markets, exploiting a two-day timelock on transaction execution to their advantage.
The immediate financial impact was severe: Sonne Finance reported a direct loss of $20 million. The protocol’s native token, SONNE, saw its market value plummet to just 2.5 cents per token, a stark decline reflecting shaken investor confidence.
#PeckShieldAlert @SonneFinance exploiter-labeled address has transferred $7.8M worth of cryptos, including 100 $WBTC & 556.1 $ETH, to a new address 0x6277…4c07 #Optimism pic.twitter.com/g4oiP5akr4
— PeckShieldAlert (@PeckShieldAlert) May 15, 2024
In response to the breach, Sonne Finance took swift action to mitigate the damage.
The protocol paused all its market operations on the Optimism blockchain to prevent further unauthorized transactions. Fortunately, their operations on the Base blockchain remained secure and unaffected, showcasing the isolated nature of the exploit.
Recovery efforts are now in full swing. Sonne Finance has expressed a commitment to retrieving the stolen funds and has floated a bounty offer to the hacker in a bid to recover the assets.
Additionally, partnerships with blockchain security firms like PeckShield and Cyvers are aimed at deepening the investigation into how the exploit was carried out and to devise strategies to prevent similar incidents in the future.
The broader crypto community has reacted with concern to this incident, raising questions about the security measures of decentralized protocols, especially those derived from known frameworks like Compound v2, which Sonne is based upon.
The community’s feedback indicates a pressing need for enhanced security audits and quicker response strategies to address vulnerabilities.