Sonne Finance Hit by $20M Exploit, SONNE Token Crashes 60%

Sonne Finance, a decentralized lending protocol, experienced a $20 million exploit, causing its SONNE token to drop 60%. The attack exploited a vulnerability in the protocol's Compound v2 forks, allowing the hacker to manipulate markets and steal various tokens, including ether, velo, and stablecoins. Sonne Finance paused operations on Optimism but markets on Base remained unaffected, and the protocol is working on retrieving the stolen funds.

Sonne Finance Exploited for $20 Million, Native Token SONNE Plummets 60%

May 15, 2024

Initial Report

Sonne Finance, a decentralized lending protocol operating on the Optimism and Base blockchains, has become the victim of a $20 million exploit that has caused its native SONNE token to plummet by a staggering 60%. The attack, executed on Wednesday, leveraged a vulnerability in the protocol's implementation of Compound v2 forks, allowing the perpetrator to manipulate markets and siphon off various tokens, including ether, velo, and stablecoins.

Exploit Details

The attack unfolded as a "donation attack," whereby the perpetrator manipulated the exchange rate between two tokens by inflating the value of donated cryptocurrency. This deception misled the platform into believing it had more collateral than actually available, paving the way for the attacker to withdraw funds unhindered. Blockchain data indicates that the assailant successfully transferred millions of VELO, ether, and USD Coin (USDC) following the manipulation. The attacker subsequently converted $8 million of the stolen funds into bitcoin and ether, transferring them to a newly created wallet address in the early hours of the morning.

Chronology of Events

The exploit occurred shortly after Sonne Finance introduced token markets for Velodrome Finance's VELO, a decision prompted by a community proposal. The attacker capitalized on a two-day timelock to execute four transactions, creating markets and assigning collateral factors. Timelocks are smart contracts that automatically execute transactions at a predetermined time, in this case, two days after being activated.

Response and Impact

Sonne Finance's developers responded swiftly, mitigating the damage and suspending all markets on the Optimism blockchain. The protocol's markets on the Base blockchain remained operational, as the exploit specifically targeted the Optimism version of the platform. The incident has had a severe impact on the value of SONNE, which has plummeted by 60% to 2.5 cents, reaching its lowest value in over a year. This decline has reduced the token's market cap to $20 million, despite the developers' efforts to prevent the theft of an additional $6.5 million upon discovering the attack.

Stolen Funds and Bounty Offer

Sonne Finance has stated that it is actively pursuing the recovery of the stolen funds and has offered a bounty to the attacker in exchange for their return. However, the attacker has already transferred a significant portion of the loot, approximately $7.8 million worth of cryptocurrencies, to a new wallet address, suggesting a lack of willingness to negotiate.

Security Concerns and Community Reaction

The exploit has sparked concerns about the security vulnerabilities of decentralized lending protocols and the risks associated with adopting forked versions of existing platforms. Some members of the crypto community have criticized Sonne Finance for relying on Compound v2 despite its known security flaws, with one individual speculating that the exploit may have been a premeditated backdoor.

Conclusion

The $20 million exploit targeting Sonne Finance serves as a reminder of the ongoing security challenges faced by decentralized lending protocols. As the industry continues to evolve, protocols must prioritize robust security measures and transparent practices to safeguard user funds. The investigation into this incident is ongoing, and it remains to be seen whether the stolen funds will be recovered and the attacker apprehended.