Sonne Finance Exploited for $20 Million on Optimism, Markets on Base Safe

Blockchain security firm PeckShield recently brought to light that lending protocol Sonne Finance had been exploited. Nine minutes later, the protocol posted about the mishap and announced that all markets associated with it on Optimism have been paused to mitigate further damages, while markets on Base remain safe.

Hi @SonneFinance: Please double check your timelock contract and the loss is now more than $20m.
— PeckShield Inc. (@peckshield) May 15, 2024

‍

Chalking out the reason for its exploit, Sonne Finance’s post-mortem report noted that the protocol fell victim to a vulnerability in Compound v2 forks. The team became aware of the attack only after it took place. The report added,

“The attacker was able to exploit the protocol for ~$20M with the known donation attack... Sonne team became aware of the issue 25 minutes after the exploit.”

The Sonne team further went on to reveal that they had not been able to save the funds that were drained. Nevertheless, they are still trying to track the identity of the perpetrator. In fact, the team is ready to reward the hacker, and not take up this issue further, provided the funds are returned. Usually, attackers keep 1/10th of the funds for identifying security flaws and resend the remaining to the protocol. However, the Sonne team did not elaborate on the bounty details further.

Here, it is worth noting that the team recently green-flagged a proposal to add VELO markets to Sonne. Explaining how the exploiter took advantage of this, the report noted,

“We scheduled the transactions on multisig wallet, and because there is 2 days timelock, we also scheduled c-factors to be executed in 2-days. The exploiter executed 4 of the transactions when 2-day timelock ends for the creation of markets, and after that, executed the transaction for adding c-factor to the markets.”

Within a couple of hours, the hacker transferred around $8 million of the stolen funds - that included 100 WBTC and 556 ETH - to another wallet. Soon after, 56 WBTC was swapped for ~1,185 ETH and 3 WBTC for 183k DAI.

The price of the native token of the protocol, SONNE, was dented owing to the exploit. At press time, it was valued at $0.026, 61% down on the daily timeframe.

#PeckShieldAlert @SonneFinance exploiter-labeled address has transferred $7.8M worth of cryptos, including 100 $WBTC & 556.1 $ETH, to a new address 0x6277...4c07 #Optimism pic.twitter.com/g4oiP5akr4
— PeckShieldAlert (@PeckShieldAlert) May 15, 2024

Sonne Finance Exploited for $20 Million on Optimism, Markets on Base Safe

Crypto-friendly Bank Revolut Granted Banking License in the UK

India to Unveil Crypto Policy Stance by September

Mike Novogratz's Firm Raises $113 Million for a New Crypto Fund

Crypto-friendly Bank Revolut Granted Banking License in the UK

Crypto Assets Join the Equity Market’s Crash Party

Bitcoin Rewards App Fold to Go Public via $365 Million Merger

Kamala Harris to Skip Bitcoin Conference in Nashville

Ferrari to Start Accepting Crypto Payments in Europe

How Successful Was Day 1 for ETH ETFs?

$900 Billion Asset Manager Hamilton Lane Launches Fund on Solana

Avail DA Mainnet and AVAIL Token Go Live

Swan Bitcoin Defers IPO, Terminates Mining Operations

SEC Officially Approves Spot Ether ETF Trading

OKX Launches a Telegram Mini-App Game To Test Users' Crypto Market Instincts

Asia's First Bitcoin Futures Inverse Product To Launch in Hong Kong: What You Need to Know

Crypto Reacts: The Impact of Biden's Withdrawal and Harris's Endorsement on Market Volatility

Winklevoss Twins Backs John Deaton with $1Million to Unseat Senator Elizabeth Warren

Microsoft and Crowdstrike Outage Causes Global Tech Disruptions, Crypto Remains Unshaken

WazirX Hack Update: $149 Million in Crypto Converted to Ethereum by Hackers — Here’s Why

$235M Crypto Theft from WazirX is Linked to North Korean Hackers, Says Elliptic

Russia to Implement Cryptocurrency Payments System for International Trade

Ethereum and Cardano Founders Split on Crypto’s Role in Elections: Here's The Gist

Trump to Release Fourth NFT Collection

FTX and CFTC Finalize $12.7 Billion Settlement Deal

DeFi Protocol LI.FI Hacked for $11 Million

Stripe Enables Crypto Purchase via Debit, Credit Cards for EU Users

Big Payday Incoming: Mt. Gox Creditors to Receive Funds from Kraken Soon

Japanese Firm Metaplanet Adds $1.2M To Its Bitcoin Bag, Here's How Much It Holds Now

Anticipated Ethereum ETFs Expected to Begin Trading Next Tuesday — Details

Trump’s Running Mate JD Vance Owns $100k-$250k Worth Bitcoin

Genesis-Linked Wallet Transfers 600 BTC to Coinbase

Crypto Investments Register $1.4 Billion Net Inflows Last Week

One Tornado Cash Dev’s Bail Denied, Another’s Trial Gets Postponed

Certain Firms Granted Relief from SEC Crypto Accounting Rules

Judge ‘Not Moved’ by Coinbase’s Arguments to Subpoena Gensler’s Private Comms

Are Institutions Eying a Piece of the Crypto Pie?

How Behind is Biden in the Crypto Race?

MicroStrategy to Execute 10:1 Stock Split

Crypto Exchange BitMex Pleads Guilty to Bank Secrecy Act Violation

Starknet Staking Expected to Go Live by Year End

YieldMax’s ETF Providing Short Exposure to Coinbase Launches on NYSE Arca

Rome Raises $9 Million to Bring Solana Services on Ethereum

Messi, Ronaldinho Promote Solana Meme Coin WATER

World Chain Enters Testing Phase: Developer Preview Launched by Worldcoin Foundation

Celebrity Crypto Scam: Hackers Hijack Doja Cat’s X Account to Pump DOJA Token

TOKEN2049 Singapore Set to Be World’s Largest Web3 Event With 20,000 Attendees And Over 500 Side Events

Paxful Drama Unfolds: Co-founder Faces Jail Time Over Major Compliance Failures

Biden’s Odds of Becoming President Again Drops to 9% on Polymarket

German MP Says Govt’s Hasty Selling is Insensible, Counter-productive

$675 Million Worth Crypto Positions Rekt as BTC Drops to $54k

Mt. Gox Officially Begins BTC, BCH Repayments

Telegram-based Notcoin Rises to Popularity in Africa, Europe, Asia

Opera Mini’s Crypto Wallet Adds USDT, USDC Support

Mt. Gox, German, and American Government Move BTC

Is Friend.tech’s Native Token Moving From Base?

CoinDCX Acquires BitOasis in a Bid to Expand Globally

Crypto Bank Sygnum, Asset Manager Fidelity Tie Up With Chainlink

Aave’s GHO Stablecoin Goes Live on Arbitrum

Sydney Sweeney's Hacked X Account Promotes Crypto Token

1,333 Tokens on the Chopping Block? South Korea Ramp Up Crypto Regulations

Ethereum ICO Whale Moves $24 Million to Kraken

Bitcoin Miner Northern Data Considering US IPO in H1 2025

Japan: Sony to Revamp and Launch Crypto Exchange WhaleFin

DeFi: Weekly Protocol-Centric Updates

Animoca Looking to Go Public in 2025

Kraken Founder Donates $1 Million to Trump

Crypto: Weekly Sentence-Settlement Check

Coinbase Sues SEC, FDIC For Stonewalling Information

Crypto Miner Marathon Ventures Into Kaspa Mining

South Korean Crypto VC Hashed Expands to Abu Dhabi

17 Billion BLAST to be Distributed to Early Users via Initial Airdrop

Conduit Raises $37 Million in Series A Round Led by Paradigm, Haun Ventures

SEC Chief Gensler Says Ether ETF Review Process ‘Going Smoothly’

Solana Launches Two ‘Superpower’ Features: Blinks and Actions

Bitcoin Lightning App Strike Launches in UK

German Government Wallet Offloads 900 BTC

White House Welcomes Back Biden's Crypto Policy Architect

Trump Might Flock To Nashville To Talk At Bitcoin Conference In July

Binance Invests in Berachain LST Protocol Infrared