DeFi Project Sonne Finance Halts Trading Following $20M Hack
Sonne Finance, a decentralized finance (DeFi) platform, was hacked for a loss of $20 million. The hack targeted Sonne’s Optimism markets, while the Base markets remained unaffected. Sonne Finance responded by promptly shutting down all markets on Optimism to prevent further damage, and assured users that funds on Base were secure. PeckShield, a blockchain security firm, revealed that the attacker exploited a well-known vulnerability found in Compound Finance forks to siphon the funds from Sonne Finance’s smart contracts on the Optimism network.
As a derivative of Compound V2, Sonne Finance inherited certain weaknesses from that codebase. These vulnerabilities have been exploited in previous DeFi hacks, such as those that targeted Hundred Finance and Midas Capital last year. In these attacks, malicious actors manipulate exchange rates to artificially inflate collateral values and then drain the lending pools.
The exploit that affected Sonne Finance was rooted in the implementation of a new market contract for VELO, followed by a governance proposal to activate it. The attacker executed the contract immediately after the 24-hour timelock completed, positioning themselves to be the first to benefit from the exploit.
In response to the hack, Sonne Finance halted all Optimism markets to contain the damage; the Base market remained unaffected. The Sonne Finance team released a post-mortem of the incident, sharing wallet addresses that belonged to the manipulator in hopes of identifying the culprit. The team is working to recover the stolen funds, offering a bug bounty and seeking support from the crypto community and relevant stakeholders.
Given the various versions of Compound V2 in circulation, DeFi platforms need to prioritize security measures, including regular audits and timely vulnerability patches. Users should also familiarize themselves with DeFi security best practices to protect their funds.