Sonne Finance's DeFi project was hacked for $20 million

Forklog / 15.05.2024 / 07:28

The decentralized lending protocol Sonne Finance was hit by an exploit that caused about $20 million in damage.

Post-mortem on the exploit of Sonne Finance markets on Optimism https://t.co/gBXDsl8ucA

— Sonne Finance (@SonneFinance) May 15, 2024

According to the statement, the attacker used a "known donation attack" on Compound v2 forks, one of which is Sonne Finance.

As a result of the hack, the protocol team suspended its operations on the Optimism L2 network. Operations on Base continue as usual.

In 2023, Compound specialists described a vulnerability in the second version of the platform that allows attacks on markets with low supply and a non-zero collateral factor (CF).

According to the experts, to extract almost every asset on the protocol, a hacker needs to repeat the same steps in sequence in every case:

1. create and fund a new contract;
2. in an empty market, mint collateral tokens and redeem most of them;
3. donate these coins to raise the exchange rate;
4. use this overpriced collateral to borrow another asset;
5. return the donations by redeeming collateral;
6. liquidate the borrower's contract with the help of borrowed funds and redeem the collateral tokens.

The experts called setting a zero CF for new markets the simplest fix for existing projects based on Compound v2.
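The condition the Compound specialists describe (low supply together with a non-zero CF) can be checked from a market snapshot. The following is an added example, not code from Sonne Finance or Compound; the `Market` fields, the `donation` and `limit` thresholds and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction

@dataclass
class Market:
    """Constructed snapshot of one Compound v2-style market (raw token units)."""
    name: str
    cash: int          # underlying held by the market contract
    borrows: int
    reserves: int
    total_supply: int  # collateral tokens in circulation
    cf: Fraction       # collateral factor; 0 = cannot back any borrowing

def exchange_rate(m: Market, donated: int = 0) -> Fraction:
    """Compound v2 rate: (cash + borrows - reserves) / total supply.
    A plain transfer to the market raises cash without minting tokens."""
    return Fraction(m.cash + donated + m.borrows - m.reserves, m.total_supply)

def rate_multiplier(m: Market, donation: int) -> Fraction:
    """Factor by which a transfer of `donation` would move the rate."""
    return exchange_rate(m, donation) / exchange_rate(m)

def audit(markets, donation, limit=Fraction(11, 10)):
    """Flag markets whose collateral is usable while the rate is movable.
    `donation` and `limit` are hypothetical policy knobs, not Compound values."""
    findings = []
    for m in markets:
        if m.cf == 0:
            continue  # zero CF: inflated collateral cannot be borrowed against
        base = m.cash + m.borrows - m.reserves
        if m.total_supply == 0 or base <= 0:
            findings.append((m.name, "non-zero CF on empty market"))
        elif rate_multiplier(m, donation) > limit:
            findings.append((m.name, "non-zero CF on low-supply market"))
    return findings

UNIT = 10**18
SAMPLE = [  # constructed data, not real on-chain values
    Market("established", 5_000_000 * UNIT, 3_000_000 * UNIT, 10_000 * UNIT,
           400_000_000 * UNIT, Fraction(7, 10)),
    Market("new-cf-zero", 0, 0, 0, 0, Fraction(0)),
    Market("new-cf-set", 0, 0, 0, 0, Fraction(35, 100)),
    Market("dust-supply", 2, 0, 0, 2, Fraction(35, 100)),
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE, donation=1_000 * UNIT):
        print(f"{name}: {reason}")
```

Run against live market data before and after any scheduled governance change, a check like this shows whether a CF would become non-zero while a market is still empty or nearly so.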

The Sonne Finance team said it had followed this recommendation. However, when adding support for the VELO token, the protocol scheduled the collateral factors (c-factors) to be set two days later.

According to the developers, the attacker waited for the unlock and made four transactions to create markets and another one to add c-factors.

Sonne Finance confirmed that they learned about the attack from the warnings of community members. 

Hi @SonneFinance: Please double check your timelock contract and the loss is now more than $20m.

— PeckShield Inc. (@peckshield) May 15, 2024

Thanks to the immediate response, the theft of about $6.5 million more in assets was prevented, the team said.

The developers added that they continue to "investigate the identity of the hacker", but are ready to offer him a reward for the return of the withdrawn funds.

Recall that in April, crypto projects lost a record low of ~$27.5 million to cybercrime, of which exploits accounted for ~$21 million, according to CertiK's calculations.
