Sonne Finance Falls Victim to $20M Hack, Forcing Protocol to Pause Operations

Published: May 15, 2024
Written By:
Vignesh Karunanidhi
Milk Road Writer

Lending protocol Sonne Finance has suspended its operations following a hack that resulted in the theft of $20 million worth of cryptocurrencies from the platform.

The incident, which occurred on May 14 at approximately 10:30 p.m. UTC, was first detected by Web3 security firm Cyvers. The firm noted an ongoing attack targeting Sonne Finance’s USD Coin (USDC) and Wrapped Ether (WETH) contracts.

Key points:

  • Sonne Finance suffered a $20 million hack, forcing the protocol to pause operations.
  • The attacker took advantage of a flaw in the recently added Velodrome Finance (VELO) token markets.
  • The hacker stole WETH, VELO, soVELO, and Wrapped USDC (USDC.e) before Sonne Finance could respond.
  • The attacker has already moved $7.8 million of the loot to a new wallet address.

Also read: El Salvador Volcanic Bitcoin Mining Yields 473.5 BTC, Boosting Holdings To 5,750 Coins

The hacker siphoned off $20 million in various cryptocurrencies, including WETH, Velo (VELO), soVELO, and Wrapped USDC (USDC.e). This is despite the fact that Sonne Finance became aware of the situation just 25 minutes after Cyvers’ detection.

Sonne Finance is trying to negotiate with the hacker

As part of its efforts to recover the stolen funds, Sonne Finance is considering all available options, including the possibility of negotiating a bug bounty with the hacker.

However, according to blockchain investigator PeckShield, the attacker appears to have no interest in negotiations. This is because they have already transferred $7.8 million of the stolen funds to a new wallet address.

Also read: Tornado Cash Developer Convicted Of Money Laundering, Sentenced To 64 Months In Prison

The exploit was made possible due to a vulnerability that arose after Sonne Finance added token markets for Velodrome Finance’s VELO token, following a recent community proposal.

The attacker took advantage of a two-day time limit to execute four transactions, which included creating markets and adding collateral factors.

Prior to this incident, Sonne Finance had successfully avoided similar issues by implementing various safeguards, such as adding markets with zero collateral factors, manually adding collateral, and permanently removing it before anyone could exploit the market.

Vignesh Karunanidhi

Vignesh has been a seasoned professional in the crypto space since 2017. He has been writing for over 6 years and specializes in writing and editing various types of crypto content, including news articles, long-form pieces, and blog posts, all focused on sharing the beauty of blockchain and crypto.

Vignesh Karunanidhi
Milk Road Writer
Vignesh has been a seasoned professional in the crypto space since 2017. He has been writing for over 6 years and specializes in writing and editing various types of crypto content, including news articles, long-form pieces, and blog posts, all focused on sharing the beauty of blockchain and crypto.