Sonne Finance, a DeFi lending protocol, has paused operations of its markets on the Optimism network following an exploit by a hacker who has been able to siphon off up to $20 million worth of digital assets from the platform.
The attack was brought to public attention by blockchain sleuthing platform Cyver alerts in a social media post published late on May 14, 2024.
Two hours after Cyver alerts’ post, the Sonne Finance team confirmed the attack and noted that it had begun taking action to resolve the issue. It also clarified that its markets on Base, another Layer 2 solution, were unaffected.
In a post-mortem report published early on May 15, the team noted that, following its investigation of the incident, it identified several wallet addresses associated with the attacker and described actions to trace the stolen funds.
The team also expressed a willingness to offer a bounty to the exploiter in exchange for the return of the assets.
The team emphasised its dedication to recovering the stolen funds and noted that it has constantly communicated with stakeholders and security experts to explore all possible avenues for fund recovery.
The exploit was identified as a “donation” attack, a technique where attackers manipulate the exchange rate between two tokens to deceive the platform into believing it holds more collateral than it actually does.
This specific vulnerability became apparent following the addition of Velodrome Finance’s VELO token markets, as approved by a recent community proposal. The attacker leveraged a two-day timelock period to execute four transactions, effectively creating markets and adjusting collateral factors to facilitate the exploit.
Despite the immediate and substantial impact, the Sonne Finance team noted that it was able to quickly move to mitigate further losses. The protocol was able to prevent an additional $6.5 million from being stolen by adding approximately $100 worth of VELO to the affected markets.
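The arithmetic behind the “donation” problem and the small-deposit mitigation can be shown with a listing check. This is an added example, not code from Sonne Finance or from the post-mortem; it assumes a simplified share-based market in which the exchange rate is cash divided by shares, and all names, amounts and the `MIN_SHARES` threshold are constructed for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass
class Market:
    """Assumed simplified share-based lending market (not Sonne's contracts)."""
    cash: int                    # underlying tokens held by the market
    total_shares: int            # receipt tokens issued to depositors
    collateral_factor: Fraction  # fraction of deposit value that can back loans

    def exchange_rate(self) -> Fraction:
        # Underlying per share. A direct transfer ("donation") adds cash
        # without minting shares, so it raises this rate for every holder.
        if self.total_shares == 0:
            return Fraction(1)
        return Fraction(self.cash, self.total_shares)


def rate_inflation(market: Market, donation: int) -> Fraction:
    """Factor by which a donation multiplies the exchange rate."""
    before = market.exchange_rate()
    if before == 0:
        raise ValueError("market holds no cash; inflation factor is undefined")
    after = Market(market.cash + donation, market.total_shares,
                   market.collateral_factor)
    return after.exchange_rate() / before


def is_donation_exposed(market: Market, min_shares: int) -> bool:
    """Listing check: collateral enabled while share supply is still tiny."""
    return market.collateral_factor > 0 and market.total_shares < min_shares


# Constructed sample values, in smallest token units.
NEW_MARKET = Market(cash=2, total_shares=2, collateral_factor=Fraction(35, 100))
SEEDED_MARKET = Market(cash=100_000_000, total_shares=100_000_000,
                       collateral_factor=Fraction(35, 100))
DONATION = 1_000_000
MIN_SHARES = 1_000_000  # hypothetical threshold a listing process might require

if __name__ == "__main__":
    for name, m in (("new", NEW_MARKET), ("seeded", SEEDED_MARKET)):
        print(name, "rate x", float(rate_inflation(m, DONATION)),
              "exposed:", is_donation_exposed(m, MIN_SHARES))
```

The same donation multiplies the rate of the nearly empty market many thousands of times over but moves the seeded market by one percent, which is why a small deposit made before collateral is enabled removes the exposure.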
As the investigation and recovery efforts continue, the team has pledged to implement additional security protocols, improve oversight on new proposals, and ensure more rigorous testing of smart contract features before deployment.
Meanwhile, the SONNE token has plummeted 60% following the exploit. The token is now trading at $0.02575, according to data from Coingecko.