Sonne Finance Pauses Optimism Markets Following $20M Exploit

Key Takeaways

  • Sonne Finance, a DeFi platform, suffered a $20 million token theft due to a vulnerability in its USDC and WETH contracts on the Optimism network.
  • The platform paused its operations on Optimism to contain the breach and is negotiating a bug bounty with the hacker.
  • The attacker moved $7.8 million of the stolen funds to a new address, converting some into Ethereum and Dai.

Sonne Finance, a decentralized finance (DeFi) lending platform operating on the Optimism and Base Layer 2 networks, experienced a security breach that resulted in the theft of $20 million worth of tokens. In response, the platform promptly halted its markets on Optimism to mitigate further losses.

Sonne Finance Attributes Exploit to Fork Vulnerability

On May 14, at approximately 10:30 pm UTC, Cyvers, a Web3 security firm, sounded the alarm on an active attack targeting Sonne Finance’s USD Coin (USDC) and Wrapped Ether (WETH) contracts.

Just 25 minutes after the attack, Sonne Finance discovered that the thief had already stolen $20 million in WETH, VELO, soVELO, and Wrapped USDC (USDC.e).

Subsequently, the platform collaborated with Cyvers to comprehensively investigate the incident. Sonne Finance is pursuing various avenues to recover the stolen assets, including negotiating a bug bounty with the hacker.

This approach involves the hacker returning most of the stolen funds while keeping around 10% as a reward for identifying a security vulnerability.

According to the post-incident report from Sonne Finance, the team introduced a new market contract for VELO along with a governance proposal to activate it.

Four days after the proposal’s approval, the attacker made their move, becoming the first entity to execute the contract after the 24-hour timelock had elapsed. The hacker exploited a known exchange rate vulnerability, in which a perpetrator inflates the value of their collateral so that the lending pool releases large amounts of tokens against it.

Following the breach, Sonne Finance immediately halted all markets on the Optimism network on May 15 at 12:11 am UTC, while operations on the Base network continued as normal.

This exploit is not unique to Sonne Finance. Hundred Finance was hit through a similar vulnerability on April 15, 2023, when a hacker manipulated the exchange rate to inflate the collateral value, thereby draining lending pools with only a small amount of tokens.
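
For teams that list new markets, the exchange rate weakness described above can be caught with a pre-activation and monitoring check. The following is an added example, not code from Sonne Finance or Cyvers: it assumes the Compound-v2-style exchange rate formula, and the `MarketSnapshot` record, thresholds and sample values are constructed for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction

# Assumed thresholds for illustration; tune per protocol.
MIN_SHARE_SUPPLY = 10**6      # smallest acceptable share supply (base units)
MAX_RATE_DRIFT = Fraction(2)  # alert if rate exceeds 2x the listing-time rate

@dataclass
class MarketSnapshot:         # hypothetical record, e.g. filled from on-chain reads
    name: str
    cash: int                 # underlying held by the market contract
    borrows: int
    reserves: int
    share_supply: int         # total supply of the market's share token
    initial_rate: Fraction    # exchange rate configured at listing
    collateral_factor: Fraction

def exchange_rate(m):
    """Compound-v2-style rate: underlying per share; initial rate if no shares."""
    if m.share_supply == 0:
        return m.initial_rate
    return Fraction(m.cash + m.borrows - m.reserves, m.share_supply)

def audit_market(m):
    findings = []
    # A market usable as collateral must already hold a meaningful share supply,
    # otherwise the rate is extremely sensitive to small balance changes.
    if m.collateral_factor > 0 and m.share_supply < MIN_SHARE_SUPPLY:
        findings.append("collateral enabled on empty or near-empty market")
    if exchange_rate(m) > m.initial_rate * MAX_RATE_DRIFT:
        findings.append("exchange rate far above listing-time rate")
    return findings

# Constructed snapshots (not real on-chain data).
SAMPLES = [
    MarketSnapshot("seeded", 5_000_000, 1_000_000, 0, 300_000_000, Fraction(1, 50), Fraction(7, 10)),
    MarketSnapshot("new-empty", 0, 0, 0, 0, Fraction(1, 50), Fraction(35, 100)),
    MarketSnapshot("skewed", 40_000_000, 0, 0, 2, Fraction(1, 50), Fraction(35, 100)),
    MarketSnapshot("new-disabled", 0, 0, 0, 0, Fraction(1, 50), Fraction(0)),
]

def run_audit(samples=SAMPLES):
    return {m.name: audit_market(m) for m in samples}

if __name__ == "__main__":
    for name, findings in run_audit().items():
        print(name, "->", findings or "ok")
```

Running the first check before a listing proposal leaves its timelock shows whether the market would go live with collateral enabled and no seeded supply.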

Sonne Finance Hacker Moved $7.8 Million to New Address

After compromising Sonne Finance’s security, the hacker, unyielding to negotiation attempts, transferred a substantial portion of the stolen funds, amounting to $7.8 million, to a newly created wallet address.

The hacker then exchanged 59 Wrapped Bitcoin (WBTC) tokens for roughly 1,185 Ethereum (ETH) and 183,000 Dai stablecoins. This latest development indicates an intention to hide the trail of the stolen funds by potentially funneling them through privacy-focused protocols such as Tornado Cash.