Sonne Finance Token Plummets 60% Following $20M Exploit on Optimism Network

• Sonne ‍Finance’s SONNE token experienced a dramatic 60% drop, falling to 2.5 ⁤cents, after a breach resulted in a ‌$20 million ‍loss from ⁤the decentralized lending protocol.

• The attackers employed ‌a “donation” attack strategy‌ to exploit market vulnerabilities. This incident specifically impacted the⁣ Optimism blockchain version, ⁣while the ‍Base blockchain version remained unaffected.

• The breach⁤ occurred ‍following the protocol’s integration ⁤of token ⁤markets for Velodrome Finance’s VELO. By leveraging a two-day timelock, the attackers executed ‍a sequence of four transactions, manipulating markets and modifying collateral factors.

The SONNE token’s value ⁤plummeted ​mid-week after ⁢Sonne Finance developers⁣ confirmed a security compromise, which ‌drained $20​ million from⁣ their decentralized lending protocol.

In⁢ the wake of the attack, SONNE’s market value‍ dropped 60% to 2.5 cents, its lowest point in over a year. This brought the market ⁢cap down to $20 million, despite developers preventing an additional $6.5 million ⁣from ​being stolen once ⁢the breach was detected.

The ⁣attackers orchestrated a “donation” attack to distort specific markets ⁣on ⁤the ‌platform, subsequently stealing various tokens before being halted. This breach targeted Sonne’s protocol ⁢on the Optimism blockchain. In contrast,⁣ Sonne’s Base blockchain version did not​ suffer any intrusions.

Details ​of the Exploit

The ‌vulnerability was exploited after the protocol​ introduced token markets for Velodrome Finance’s VELO, as per a recent community proposal. The hackers capitalized on a two-day timelock to perform four ⁢strategic ⁢transactions, which included market creation ‍and manipulation of collateral factors.

A timelock contract is a ‌specialized ‍smart ‍contract within a ⁣blockchain that enforces transaction execution at a ‍predetermined time, in this scenario, two ⁤days post-lock.

The ⁢attackers managed to manipulate the platform ⁤by donating significant amounts of cryptocurrency, skewing the exchange ⁤rates between two tokens and consequently⁢ inflating the perceived collateral.

Blockchain‌ analysis indicates that the attackers succeeded in transferring millions in VELO, ether, and USD Coin (USDC). These were later converted to approximately $8 million in bitcoin and ether and moved to⁢ a new wallet‌ address during early‍ European hours.

Previously, the protocol ⁢had mitigated such risks by implementing markets with zero initial ‌collateral factors and manually controlling‌ collateral adjustments⁤ to​ prevent market manipulation.

In their post-incident report, ‍the‌ developers stated they are actively working to ‍recover⁤ the ⁢stolen assets and have proposed ⁣a bounty for the hacker’s cooperation.