• Sonne Finance’s SONNE token plummeted 60% to 2.5 cents after a hack drained $20 million from the decentralized lending protocol.
• The exploiters used a “donation” attack to manipulate markets. The incident occurred on the Optimism blockchain version; the Base blockchain version was unaffected.
• The exploit happened after the protocol added token markets for Velodrome Finance’s VELO. The attacker took advantage of a two-day timelock to execute four transactions, creating markets and adding collateral factors.

As an experienced analyst, I believe that the Sonne Finance hack is a significant setback for the decentralized finance (DeFi) community, particularly on the Optimism blockchain. The exploiters’ use of a “donation” attack to manipulate markets and steal millions of dollars’ worth of tokens is a reminder of the potential vulnerabilities in DeFi protocols.


I discovered yesterday that Sonne Finance suffered a significant setback when the value of its SONNE token dropped following a disclosure by the developers. They admitted to a hack that led to the theft of approximately $20 million from their decentralized lending platform.

SONNE’s value plummeted by 60% to 2.5 cents, its lowest point in over a year. Consequently, its market capitalization shrank to $20 million, despite the developers’ claim that they successfully halted the theft of $6.5 million once they became aware of the attack.

Malicious actors used a “donation” attack to manipulate specific markets on Sonne’s platform on the Optimism blockchain, and made off with several tokens. Importantly, the incident did not affect the version of the platform running on the Base blockchain. (Imagine an app being breached on iOS but remaining secure on Android.)

How the Exploit Happened

The exploit occurred after token markets for Velodrome Finance’s VELO were added to the protocol following a recent community proposal. An attacker took advantage of the two-day timelock to execute a series of transactions, which involved creating markets and adding collateral factors.

A timelock contract is a smart contract on the blockchain designed to carry out a transaction automatically two days after it is locked in, or initialized.

The attacker manipulated the exchange rate between two tokens by making large cryptocurrency donations, which gave the platform the impression that they held more collateral than they really did.

Blockchain records indicate that the attacker moved large quantities of VELO, ether, and USDC after the manipulation. They then exchanged these assets for approximately $8 million in bitcoin and ether. The stolen funds were transferred to a different wallet address during early European hours.

In the past, the protocol avoided comparable problems by adding markets with no collateral requirements, adjusting collateral manually, and eliminating it permanently before any market manipulation could take place.
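The effect of a donation on the exchange rate, and why seeding a market and permanently removing that seed before a collateral factor is set blunts it, can be shown with a small model. This is an added example, not code from the article or from Sonne Finance; the share-accounting model, the 1:1 starting rate, the function names and all amounts are assumptions made for illustration.

```python
SCALE = 10**18  # fixed-point scale for the exchange rate (assumed)

class Market:
    """Simplified share accounting for one lending market (assumed model)."""
    def __init__(self):
        self.cash = 0     # underlying tokens held by the market contract
        self.shares = 0   # receipt tokens in existence, burned ones included
        self.burned = 0   # receipt tokens parked where nobody can redeem them

    def rate(self):
        # Underlying per share, scaled; 1:1 while the market is empty (assumed).
        return self.cash * SCALE // self.shares if self.shares else SCALE

    def mint(self, amount):
        minted = amount * SCALE // self.rate()
        self.cash += amount
        self.shares += minted
        return minted

    def burn(self, shares):
        self.burned += shares  # still counted in self.shares

    def donate(self, amount):
        self.cash += amount    # direct transfer: no shares are minted

def collateral_value(market, held):
    """Underlying value the platform credits to `held` shares."""
    return held * market.rate() // SCALE

def donation_effect(seed, deposit, donation):
    """Value credited to a depositor's shares before and after a donation."""
    m = Market()
    if seed:
        m.burn(m.mint(seed))   # seed the market, then burn the seed shares
    held = m.mint(deposit)
    before = collateral_value(m, held)
    m.donate(donation)
    return before, collateral_value(m, held), m.rate() // SCALE

def ready_for_collateral(market, min_burned):
    """Pre-activation check: refuse a collateral factor on a thin market."""
    return market.burned >= min_burned and market.cash >= min_burned

if __name__ == "__main__":
    # Constructed amounts, in smallest token units.
    print("fresh market :", donation_effect(0, 2, 1_000_000))
    print("seeded market:", donation_effect(1_000_000, 2, 1_000_000))
```

In the fresh market the same two shares are suddenly credited with the whole donation, while in the seeded market almost all of the donation accrues to the burned shares and the rate barely moves.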

In the report concerning the security breach, the developers announced their efforts to recover the stolen funds and proposed a reward for the capturing hacker.


2024-05-15 12:31