Sonne Finance, a decentralized lending protocol, experienced a major security breach resulting in the loss of around $20 million. The hack, which occurred earlier today, was tied to a vulnerability in Compound v2 forks employed by Sonne Finance. The attacker took advantage of this weakness through a known donation attack, as per the project’s post-attack report.
How Did the Hack Unfold?
Following the breach, Sonne Finance quickly halted all markets on the Optimism network while maintaining operations on the Base network. This decision was influenced by blockchain security firm PeckShield, which advised a review of the protocol’s time-lock contract. The Sonne Finance team identified the issue just 25 minutes post-attack and acted promptly to minimize further damage.
The detailed attack report outlined how the hacker exploited the system. Sonne Finance had planned to introduce VELO markets with transactions through a multisig wallet requiring a two-day time lock. The hacker capitalized on this gap, conducting four transactions immediately after the time lock ended and subsequently adding a c-factor to the markets.
Why Haven’t the Funds Been Recovered?
Despite the swift response, Sonne Finance confirmed that the stolen funds remain unrecovered. The team remains dedicated to identifying the hacker and is exploring all possible avenues to do so. They have even considered offering a reward for the safe return of the assets, a common tactic in the cryptocurrency market.
Key Takeaways from the Attack
– Recognize the critical need for robust security protocols in DeFi platforms.
– Implementing immediate response measures can mitigate further losses.
– Time-lock contracts can be a point of vulnerability if not managed carefully.
– Offering rewards can be a strategic approach to recover stolen funds.
In conclusion, this incident underscores the ongoing security challenges in decentralized finance (DeFi) protocols. It also highlights the necessity for robust security strategies and quick action to curb the impact of such breaches.