Sonne Finance Token Plummets 60% Following $20M Exploit on Optimism Network
-
Sonne Finance’s SONNE token experienced a dramatic 60% drop, falling to 2.5 cents, after a breach resulted in a $20 million loss from the decentralized lending protocol.
-
The attackers employed a “donation” attack strategy to exploit market vulnerabilities. This incident specifically impacted the Optimism blockchain version, while the Base blockchain version remained unaffected.
-
The breach occurred following the protocol’s integration of token markets for Velodrome Finance’s VELO. By leveraging a two-day timelock, the attackers executed a sequence of four transactions, manipulating markets and modifying collateral factors.
The SONNE token’s value plummeted mid-week after Sonne Finance developers confirmed a security compromise, which drained $20 million from their decentralized lending protocol.
In the wake of the attack, SONNE’s market value dropped 60% to 2.5 cents, its lowest point in over a year. This brought the market cap down to $20 million, despite developers preventing an additional $6.5 million from being stolen once the breach was detected.
The attackers orchestrated a “donation” attack to distort specific markets on the platform, subsequently stealing various tokens before being halted. This breach targeted Sonne’s protocol on the Optimism blockchain. In contrast, Sonne’s Base blockchain version did not suffer any intrusions.
Details of the Exploit
The vulnerability was exploited after the protocol introduced token markets for Velodrome Finance’s VELO, as per a recent community proposal. The hackers capitalized on a two-day timelock to perform four strategic transactions, which included market creation and manipulation of collateral factors.
A timelock contract is a specialized smart contract within a blockchain that enforces transaction execution at a predetermined time, in this scenario, two days post-lock.
The attackers managed to manipulate the platform by donating significant amounts of cryptocurrency, skewing the exchange rates between two tokens and consequently inflating the perceived collateral.
Blockchain analysis indicates that the attackers succeeded in transferring millions in VELO, ether, and USD Coin (USDC). These were later converted to approximately $8 million in bitcoin and ether and moved to a new wallet address during early European hours.
Previously, the protocol had mitigated such risks by implementing markets with zero initial collateral factors and manually controlling collateral adjustments to prevent market manipulation.
In their post-incident report, the developers stated they are actively working to recover the stolen assets and have proposed a bounty for the hacker’s cooperation.