- Up to $20 million has reportedly been stolen from Sonne Finance USDC and WETH contracts.
- Attack was executed in two bits, $3 million followed by a $17 million siphon, reports indicate.
- Overnight.Fi’s USD on Optimism reportedly affected as well, a 74% loss if the markets are not exited in time.
With PeckShield attributing the attack to a time-locked contract, Sonne Finance has suspended all Optimism markets, adding that the Base market is safe. Noteworthy, Sonne Finance is the first platform to launch a lending protocol on Optimism.
All markets on Optimism have been paused.
Markets on Base are safe.
We’ll provide more information with time.
— Sonne Finance (@SonneFinance) May 15, 2024
The following section was published at around 00:05 GMT, shortly after news of the exploit broke.
Sonne Finance was the latest victim of an exploit, with reports indicating that bad actors siphoned funds from its Circle (USDC) stablecoin and wrapped Ethereum (WETH) contracts.
Also Read: Prisma Finance hacker could be uncovered after investigations by on-chain analyst
Sonne Finance exploited for $20 million
Several market watchers have indicated that Sonne Finance has been exploited for close to $20 million on Optimism, with the bad actors capitalizing on its USDC and WETH contracts.
Heads up, y’all @SonneFinance is under siege; $3 million’s been siphoned off from their USDC and WETH contracts.
This skirmish is ramping up—another $17 million’s gone missing, pushing total damages north of $20 million. @SonneFinance, better jump on this quick. https://t.co/L6BRS1eXA5 pic.twitter.com/soDIvfGcV1
— Tommy Famous (@TommyBeFamous) May 14, 2024
In the first attack, the total losses reached $3 million, followed by another siphon of up to $17 million, with investigators flagging this address as the attacker.
Sonne Finance is a decentralized lending protocol for individuals, institutions, and protocols to access financial services. Its website describes it as a “permissionless, open source and Optimistic protocol serving users on Optimism.” Users can deposit their assets, use them as collateral, and borrow against them.
With this, experts advise community members to exit the protocol while they still can through borrows.
Reports also indicate that Overnight.Fi’s USD+ on Optimism (not other chains) has also been affected by this exploit, with the potential for a 74% loss if the markets are not exited in time.
Get out of @SonneFinance while you can, there is still about mid 6 figures of borrow liquidity available.@overnight_fi’s USD+ on Optimism (not other chains!) is unfortunately hit by this too, a 74% loss if the markets are not exited in time.https://t.co/uDjQq31WtR https://t.co/7Uhupcfvpi pic.twitter.com/2IAyXXwYIH
— Saul (@SaulCapital) May 14, 2024
Considering Sonne is a Compound version 2 (V2) fork, all forks might be in danger. Among them are LayerBank, Mendi Finance, Orbit on Blast, Ionic, and Iron Bank, among others, DefiLlama shows.
Related:
Overnight (funds exploited)
Sonne on Base
Mendi on Linea
idk the other 7 shitforks they have on random chainsetc https://t.co/El6l6q5Mwk
— yieldfarming (@delucinator) May 14, 2024
Generally, this type of exploit only affects funds that are in the protocol and may not compromise the wallet as a whole. This means that other dApps that have nothing to do with it may be safe, but revoking the approvals would be advisable, with some encouraging the withdrawal of money from all Compound V2 forks as an extra precaution.
Sonne Finance did not immediately respond to FXStreet’s request for comment.
Read the full article here