DeFi

DeFi project Sonne Finance leveraged for $20 million thanks to optimism

Published

8 months ago

on

A series of hacks took place. The latest victim was Sonne Finance, a decentralized lending protocol that runs on Optimism and Base. The protocol was hacked for at least $20 million. The planned attack via a vulnerability typical of Compound Finance forks created a storm in the DeFi community.

Sonne Finance immediately closed all markets on the Optimism platform in response to the hack and ensured that funds on Base were safe from the attack.

Exploit Details

PeckShield, a blockchain security company, claims that Sonne Finance was attacked by a hacker who used a known vulnerability in Compound Finance forks. This bug allowed the attacker to withdraw approximately $20 million from Sonne Finance smart contracts on the Optimism network.

Understanding the operating technique

Sonne Finance, the derivative of Compound V2, was linked to some weaknesses inherited from its codebase. Hundred Finance and Midas Capital were victims of DeFi hacks last year and the same vulnerabilities were used in previous DeFi hacks.

In these attacks, malicious actors manipulate exchange rates to artificially increase the value of collateral in order to drain loan reserves with few tokens.

Sonne Finance’s feat was possible thanks to the implementation of a new market contract for VELO and a subsequent governance proposal to activate it. Once the proposal was adopted, the attacker cleverly executed the contract just after the 24-hour deadline expired. He was therefore the first to benefit from the exploit.

Response and recovery efforts

After the exploit, Sonne Finance took the necessary measure by stopping all Optimism markets to limit the damage. The basic market remained safe and stable.

In its post-mortem of the incident, Sonne Finance published a list of wallet addresses belonging to the manipulator in an attempt to find the culprit. The team highlighted its ongoing efforts to recover stolen funds, including offering bug bounty, leveraging support from the entire crypto community, and engaging with relevant stakeholders.

Many versions of Compound V2 are already in circulation; therefore, security protocols should be the priority, which includes regular audits and timely vulnerability patches.

Fuente

Related Topics:

Leave a Reply

Your email address will not be published. Required fields are marked *

Información básica sobre protección de datos Ver más

  • Responsable: Miguel Mamador.
  • Finalidad:  Moderar los comentarios.
  • Legitimación:  Por consentimiento del interesado.
  • Destinatarios y encargados de tratamiento:  No se ceden o comunican datos a terceros para prestar este servicio. El Titular ha contratado los servicios de alojamiento web a Banahosting que actúa como encargado de tratamiento.
  • Derechos: Acceder, rectificar y suprimir los datos.
  • Información Adicional: Puede consultar la información detallada en la Política de Privacidad.

Trending

Exit mobile version