Sonne Token Plummets 60%, Loses $20M to Hack on Optimism

Sonne Finance's SONNE token plummets 60% after a $20M hack on Optimism, exposing blockchain vulnerabilities.

By Jack Wilson

5/15, 05:42 EDT
Bitcoin / U.S. dollar

Key Takeaway

  • Sonne Finance's SONNE token plummeted 60% to 2.5 cents after a $20M hack on its Optimism blockchain platform.
  • The exploit involved a "donation" attack, manipulating markets and leading to the theft of various tokens.
  • Developers halted an additional $6.5 million theft, are pursuing stolen funds recovery, and offered a bounty for the hacker.

Sonne Finance Suffers Major Hack

Sonne Finance's SONNE token experienced a dramatic plunge, dropping 60% to a new low of 2.5 cents, following the revelation of a $20 million hack on its decentralized lending protocol. This incident, which unfolded early Wednesday, saw the market capitalization of SONNE halve to $20 million, despite the developers' efforts to mitigate the damage by preventing an additional $6.5 million from being stolen. The exploit targeted the protocol's operations on the Optimism blockchain, leaving its Base blockchain counterpart unaffected, akin to an app being compromised on iOS but remaining secure on Android.

Exploit Details Unveiled

The attackers executed a sophisticated "donation" attack, manipulating the exchange rates between tokens on the platform by exploiting newly added token markets for Velodrome Finance’s VELO. This was made possible following a community proposal and the subsequent two-day timelock period, which allowed the attackers to carry out transactions that inflated the platform's perceived collateral. The manipulation involved donating large sums of cryptocurrency to skew the exchange rates, enabling the theft of various tokens including VELO, ether, and USD Coin (USDC). The stolen funds were then converted into $8 million worth of bitcoin and ether and moved to a new wallet address.

Blockchain Vulnerabilities Exposed

The incident has shed light on the vulnerabilities inherent in blockchain protocols, particularly those involving complex financial transactions and token exchanges. The timelock contract, a mechanism designed to add security and predictability to transactions, was ironically exploited to facilitate this attack. This breach underscores the challenges decentralized finance (DeFi) platforms face in securing their ecosystems against increasingly sophisticated cyber threats. Prior to this event, Sonne Finance had implemented measures to prevent market manipulation by setting zero collateral factors and manually managing collateral additions and removals, yet these were insufficient to thwart the latest exploit.