Sonne Finance Exploited for 20 Million Dollars on Optimism with known donation attack

2024-05-15 by Ndaman Olayinka 4 minutes read

Sonne Finance, a decentralized lending protocol that gives individuals, institutions, and protocols access to financial services, has been exploited for at least $20 million through a known donation attack against Compound v2 forks.

Hi @SonneFinance: Please double check your timelock contract and the loss is now more than $20m.

— PeckShield Inc. (@peckshield) May 15, 2024

According to an official statement by Sonne Finance, the decentralized non-custodial lending protocol on Optimism was hacked for at least $20 million. The attack, which was orchestrated using a vulnerability common to Compound Finance forks, has caused a stir in the DeFi community.

Explaining how the exploiter was able to gain access, the firm said, “We avoided the issue in the past by adding the markets with 0% collateral factors, adding collateral, and burning them, only then increasing the c-factors according to the proposals.”

We recently approved a proposal to include VELO markets in Sonne, as you may be aware. In addition to scheduling the transactions on the multisig wallet, we also scheduled the c-factors to be executed in two days due to the two-day timelock. Rather than being permissionless on Base, our multisig execution is permissionless on Optimism.

Following the expiration of the two-day timelock for market creation, the exploiter executed four transactions before completing the transaction to add the c-factor to the markets. The attacker used the known donation attack to exploit the protocol for approximately $20 million after the markets were executed without the company noticing.
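The ordering problem described above, as an added example (not code from Sonne Finance or from this article): a small Python model that enumerates the orders in which independently executable rollout steps can run and reports those that enable a collateral factor before the market holds burned seed supply. The step names, the seed amount, the 0.35 collateral factor and the `predecessor` constraint are assumptions made for illustration.

```python
from itertools import permutations

# Step names are hypothetical labels for the rollout steps in Sonne's statement.
CREATE, SEED_BURN, SET_CF = "create_market", "seed_and_burn", "set_c_factor"

def apply_step(state, op):
    """Apply one step to the market state; return False if it cannot run yet."""
    if op == CREATE:
        if state["listed"]:
            return False
        state["listed"] = True
        return True
    if not state["listed"]:
        return False  # nothing can touch a market that does not exist yet
    if op == SEED_BURN:
        state["burned_supply"] = 1_000  # constructed seed amount
    elif op == SET_CF:
        state["c_factor"] = 0.35  # constructed collateral factor
    return True

def is_unsafe(state):
    """Collateral enabled while the market holds no burned seed supply."""
    return state["c_factor"] > 0 and state["burned_supply"] == 0

def unsafe_orders(ops, predecessor=None):
    """Return each executable order of `ops` that passes through an unsafe state.

    `predecessor` maps a step to the step that must already have executed;
    it is an assumed ordering constraint, not a detail from the statement.
    """
    predecessor = predecessor or {}
    bad = []
    for order in permutations(ops):
        state = {"listed": False, "burned_supply": 0, "c_factor": 0.0}
        done, runnable, hit = set(), True, False
        for op in order:
            need = predecessor.get(op)
            if (need is not None and need not in done) or not apply_step(state, op):
                runnable = False
                break
            done.add(op)
            hit = hit or is_unsafe(state)
        if runnable and hit:
            bad.append(order)
    return bad

if __name__ == "__main__":
    steps = [CREATE, SEED_BURN, SET_CF]
    print(unsafe_orders(steps))
    print(unsafe_orders(steps, {SEED_BURN: CREATE, SET_CF: SEED_BURN}))
```

With no ordering constraint the model reports the order in which the collateral factor is set before the seed-and-burn step; with each step gated on the previous one it reports none.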

Sonne Finance thanked Seal contributors for the quick discovery of the hack and for saving $6.5 million by adding roughly $100 worth of VELO to the markets.

Furthermore, the firm stated that the team at Sonne became aware of the issue 25 minutes after the exploit, and despite not being able to save the funds, they quickly started an investigation to unravel the exploiter’s identity.

In response to the hack, Sonne Finance immediately paused the markets on the Optimism platform to mitigate further damages.

The DeFi project stated that it is ready to give the exploiter a bounty, and to commit to not pursuing the issue further, in exchange for the return of the funds.

In related news reported earlier by whaleinsider.news, Hedgey Finance falls victim to $44.5 million exploitation.
