Sonne Finance Exploited for $20 Million on Optimism, Markets on Base Safe

May 15, 2024

Blockchain security firm PeckShield recently brought to light that lending protocol Sonne Finance had been exploited. Nine minutes later, the protocol posted about the mishap and announced that all markets associated with it on Optimism have been paused to mitigate further damages, while markets on Base remain safe.


Chalking out the reason for its exploit, Sonne Finance’s post-mortem report noted that the protocol fell victim to a vulnerability in Compound v2 forks. The team became aware of the attack only after it took place. The report added,

“The attacker was able to exploit the protocol for ~$20M with the known donation attack... Sonne team became aware of the issue 25 minutes after the exploit.”

The Sonne team further went on to reveal that they had not been able to save the funds that were drained. Nevertheless, they are still trying to track the identity of the perpetrator. In fact, the team is ready to reward the hacker, and not take up this issue further, provided the funds are returned. Usually, attackers keep 1/10th of the funds for identifying security flaws and resend the remaining to the protocol. However, the Sonne team did not elaborate on the bounty details further.  

Here, it is worth noting that the team recently green-flagged a proposal to add VELO markets to Sonne. Explaining how the exploiter took advantage of this, the report noted,

“We scheduled the transactions on multisig wallet, and because there is 2 days timelock, we also scheduled c-factors to be executed in 2-days. The exploiter executed 4 of the transactions when 2-day timelock ends for the creation of markets, and after that, executed the transaction for adding c-factor to the markets.”

Within a couple of hours, the hacker transferred around $8 million of the stolen funds - that included 100 WBTC and 556 ETH -  to another wallet. Soon after, 56 WBTC was swapped for ~1,185 ETH and 3 WBTC for 183k DAI.

The price of the native token of the protocol, SONNE, was dented owing to the exploit. At press time, it was valued at $0.026, 61% down on the daily timeframe.  

Opening MetaMask...
Confirm connection in the extension

The current connected wallet does not hold a LARP. To get access to the Meal Deal please connect a wallet which holds a LARP. Alternatively, visit Opensea to purchase one or visit Join the Meal Deal to purchase a subscription

Table of contents
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.