Sonne Finance Loses $20M to “Known Donation Attack”
- Sonne Finance has been exploited.
- Assets worth millions of dollars were stolen following the attack.
- The protocol has initiated the recovery process.
Sonne Finance has lost millions of dollars to a “known donation attack” on its Compound v2 forks on Arbitrum , the protocol announced on Wednesday.
Launched in September 2022, Sonne Finance brands itself as a decentralized, non-custodial liquidity market protocol on Optimism Mainnet and Base. The protocol allows users to deposit their assets as collateral for borrowing various assets against them, including WBTC, WETH, USDT, USDC, and DAI.
Sonne Finance Suffers an Attack
On May 15, blockchain security firm Cyvers alerted the X (Twitter) crypto community to an attack on Sonne Finance, estimating that $3 million had been stolen from the protocol’s USDC and WETH contracts.
Sponsored
Without directly addressing the issue, the Sonne Finance team informed its users two hours later that “all markets on Optimism have been paused,” urging them to stay tuned for more updates.
Hours after its first update, Sonne Finance issued a detailed post-mortem of the incident, noting that the attacker had exploited four of the multiple transactions scheduled by the protocol on May 12 as part of its plan to integrate VELO markets.
“After the execution of the markets without us noticing, the attacker was able to exploit the protocol for ~$20M with the known donation attack,” the Sonne Finance team wrote.Noting that it became aware of the incident 25 minutes later, Sonne Finance said it had assembled a “war room” to investigate the exploiter’s identity to recover the stolen funds.
Sponsored
Per the post-mortem report, besides doing everything in its “power,” Sonne Finance is in “contact with anyone that can help with recovering the funds.”
Stay updated on North Korea’s malware targeting crypto exchanges:
How North Korea’s Durian Malware Targets crypto exchanges
Read how Parity Wallet hacker began laundering stolen loot after seven years of inactivity:
Parity Wallet Hacker Launders $9M After Seven Years Hiatus
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Vitalik Buterin urges Web3 wallets to improve security, privacy
Fan tokens offer stability — NFTs have not
Safe’s Safenet wants to bring Visa-like payments network to crypto