DeFi project Sonne Finance closes markets after $20 million hack

Once again, the DeFi world has been hit by a series of horrific hacks.

The latest target? Sonne Finance, a decentralized lending protocol running on Optimism and Base, fell victim to an attacker who made off with a staggering $20 million. The exploit, reminiscent of vulnerabilities seen in Compound Finance forks, sent shockwaves through the DeFi community.

Here is what happened.

Understanding the heist

Sonne Finance wasted no time in responding to the breach, quickly shutting down all markets on Optimism to contain the damage. Still, they ensured that the funds on Base remained secure.

According to PeckShield, a blockchain security company, the attacker targeted Sonne Finance by exploiting a well-known vulnerability found in Compound Finance forks. This flaw allowed the hacker to siphon approximately $20 million from Sonne Finance smart contracts within the Optimism network.

Exploit Weaknesses

Sonne Finance, a derivative of Compound V2, inherited some weaknesses from that codebase. The same vulnerabilities were used in earlier DeFi hacks: Hundred Finance and Midas Capital were both victims last year.

In these attacks, malicious actors manipulate exchange rates to artificially increase the value of collateral in order to drain loan reserves with few tokens.

The exploit that hit Sonne Finance originated in the implementation of a new market contract for VELO, coupled with a subsequent governance proposal to activate it. Seizing the opportune moment, the attacker executed the contract just after the 24-hour deadline had passed, positioning himself as the first to reap the spoils of the exploit.
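
A monitoring check for the exchange-rate weakness described above, as an added example that is not from Sonne Finance or the original article: it recomputes a Compound V2 style exchange rate from a market snapshot and flags markets where a handful of share tokens would be valued as large collateral. The thresholds, field names and snapshots are assumptions constructed for illustration, and the rate is left unscaled and in underlying units (no price oracle).

```python
from dataclasses import dataclass
from fractions import Fraction

# Hypothetical review thresholds (assumptions, tune per market).
MIN_SUPPLY = 1_000_000    # share tokens that must exist before the market counts as collateral
MAX_DRIFT = Fraction(10)  # largest tolerated ratio of current rate to initial rate


@dataclass
class Market:
    name: str
    cash: int                    # underlying held by the market contract
    borrows: int                 # underlying currently lent out
    reserves: int                # underlying set aside for the protocol
    total_supply: int            # share tokens outstanding
    initial_rate: Fraction       # underlying per share token at deployment
    collateral_factor: Fraction  # fraction of supplied value that can be borrowed against


def exchange_rate(m: Market) -> Fraction:
    """Compound V2 style rate: (cash + borrows - reserves) / total_supply."""
    if m.total_supply == 0:
        return m.initial_rate    # an empty market falls back to its initial rate
    return Fraction(m.cash + m.borrows - m.reserves, m.total_supply)


def borrow_power(m: Market, shares: int) -> Fraction:
    """Underlying value the protocol would credit to `shares` as collateral."""
    return shares * exchange_rate(m) * m.collateral_factor


def review(m: Market) -> list[str]:
    """Return findings that should block activation or trigger a pause."""
    findings = []
    if m.collateral_factor > 0 and m.total_supply < MIN_SUPPLY:
        findings.append("thin-supply")  # collateral enabled on an (almost) empty market
    if exchange_rate(m) > m.initial_rate * MAX_DRIFT:
        findings.append("rate-drift")   # a few share tokens now carry outsized value
    return findings


# Constructed snapshots, not real chain data.
HEALTHY = Market("healthy", 1_000_000, 500_000, 10_000, 50_000_000, Fraction(1, 50), Fraction(3, 4))
FRESH = Market("fresh", 0, 0, 0, 0, Fraction(1, 50), Fraction(3, 4))
SKEWED = Market("skewed", 2_000_000, 0, 0, 2, Fraction(1, 50), Fraction(3, 4))

if __name__ == "__main__":
    for m in (HEALTHY, FRESH, SKEWED):
        print(m.name, float(exchange_rate(m)), review(m))
```

Running `review` on a newly deployed market before the governance proposal that activates it, and again on every block afterwards, covers both the listing step and the manipulation step the article describes.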

Rising from the ashes: recovery efforts now in place

After the exploit, Sonne Finance quickly took decisive action, shutting down all Optimism markets to stop the bleeding. Yet amid the chaos, the Base market remained firm, untouched by the storm.

In its post-mortem of the incident, Sonne Finance published a list of wallet addresses belonging to the attacker in an attempt to find the culprit. The team highlighted its ongoing efforts to recover the stolen funds, including offering a bug bounty, leveraging support from the entire crypto community, and engaging with relevant stakeholders.

Many versions of Compound V2 are already in circulation; security should therefore be the priority, including regular audits and timely vulnerability patches.
