Sonne Finance Hack: $20 Million Loss Triggers 60% SONNE Token Crash

A $20 million exploit targeting decentralized lending protocol Sonne Finance has led to a 60% decline in the value of its native token, SONNE. The breach, involving a donation attack exploiting Compound V2 forks, siphoned funds from Sonne's USDC and WETH contracts. The incident highlights concerns about the security of the Compound V2 fork and prompts questions about whether it was a premeditated vulnerability. Sonne Finance is actively pursuing fund recovery and has reached out to the hacker for negotiations.

Sonne Finance's Catastrophic Hack: $20 Million Meltdown Triggers 60% SONNE Token Plunge

A devastating exploit has rocked the foundations of Sonne Finance, a renowned decentralized lending platform, siphoning approximately $20 million from its coffers. The repercussions of this cataclysmic event have sent shockwaves through the cryptocurrency industry, resulting in a staggering 60% plummet in the value of Sonne Finance's native token, SONNE.

Initial Breach Detection and Announcement

The nefarious activity was first detected at approximately 10:00 PM UTC on May 14th, 2024, by Cyvers Alerts, a leading Web3 security firm. Initial investigations revealed that the hacker had already pilfered $3 million from Sonne Finance's USDC and WETH contracts.

"ALERT! We have detected an attack on @SonneFinance, $3 million have been stolen from their USDC and WETH contracts. Please contact us for more information." - Cyvers Alerts (@CyversAlerts) May 14, 2024

Sonne Finance Confirms Breach and Suspends Operations

Barely 25 minutes after Cyvers Alerts' initial alert, Sonne Finance corroborated the suspicions, confirming the hack and suspending its operations on the Optimism platform. However, the company reassured users that markets on its Base platform remained secure and promised to provide further updates.

"All markets on Optimism have been paused. Markets on Base are safe. We'll provide more information with time." - Sonne Finance (@SonneFinance) May 15, 2024

Post-Mortem Investigation Unravels Details of Exploit

In a post-mortem report released the following morning, Sonne Finance painstakingly outlined the modus operandi of the breach. The investigation unearthed a highly sophisticated donation attack executed on Sonne's Compound V2 forks, which laid the groundwork for the exploit.

Exploit Details and Perpetrator's Manipulation

According to Sonne Finance's meticulous probe, the exploit was meticulously orchestrated following the passage of a protocol to add VELO markets to Sonne. The perpetrator, exploiting the two-day timelock contract, initiated a series of strategic donations designed to manipulate the system's algorithm.

These calculated actions allowed the attacker to pilfer over a million units of Velo, Ether, and USDC, which were subsequently converted into Bitcoin (BTC) and Ether (ETH) and transferred to a newly created wallet address.

"The @SonneFinance team deployed the $VelodromeV2 market contract 4 days ago... Then, two days ago, they scheduled an operation to add $VelodromeV2 to the market... Here's the problem: It's been over a year since the First Deposit... bug." - PoorBabyCorn (@GiantBabyCorn) May 15, 2024

Independent Developer Questions Premeditation

An independent developer working on the X platform raised alarming concerns that the same bug had been plaguing users for over a year. This prompted the developer to question whether Sonne Finance's decision to proceed with the Compound V2 fork was a deliberate attempt to create a "premeditated backdoor."

Recovery Efforts and Negotiations with Hacker

Sonne Finance has reportedly exhausted all available avenues to reclaim the stolen funds, including reaching out to Cyvers Alerts for assistance. Furthermore, the company initiated negotiations with the perpetrator, offering a 10% bug bounty in exchange for the return of the remaining funds. However, the hacker has thus far remained unmoved by the offer.

SONNE Token Tanks Amidst Market Panic

The catastrophic exploit on Sonne Finance triggered a wave of panic selling that sent the value of its native SONNE token plummeting by a staggering 60% in just 24 hours. As of 11:00 AM UTC on May 15th, 2024, SONNE had plunged from $0.06491 to a mere $0.02377.

"SONNEN Token as of 11:00 AM UTC on May 15, 2024." (Source: CoinMarketCap)

Concurrent with the token's precipitous decline, its trading volume surged by an astonishing 293%, with over $484,800 worth of SONNE being exchanged between addresses. Sonne Finance's token has a finite supply of 100 million units, with approximately 79.93 million currently in circulation, resulting in an estimated market capitalization of approximately $2 million.

Conclusion

The $20 million exploit on Sonne Finance serves as a stark reminder of the vulnerabilities that continue to plague the decentralized finance (DeFi) sector. The incident has raised questions about the platform's security protocols and the potential for premeditated attacks. Sonne Finance's efforts to recover the stolen funds and stabilize the value of its native token remain ongoing, but the full repercussions of this catastrophic event are yet to be fully realized. As the DeFi ecosystem matures, it is imperative that platforms prioritize robust security measures to safeguard user assets and maintain investor confidence.