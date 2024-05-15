<p><span style="font-weight: 400;">Sonne Finance, a decentralized lending protocol, experienced an exploit on Wednesday morning in Asia, resulting in losses amounting to approximately $20 million.</span></p>\r\n<p><span style="font-weight: 400;">The project said in a post-mortem </span><a href="https://medium.com/@SonneFinance/post-mortem-sonne-finance-exploit-12f3daa82b06"><span style="font-weight: 400;">report</span></a><span style="font-weight: 400;"> that it was exploited due to a vulnerability in Compound v2 forks (Sonne is one). The hacker “was able to exploit the protocol for ~$20M with the known donation attack.”</span></p>\r\n<p><span style="font-weight: 400;">In response to the attack, Sonne Finance </span><a href="https://x.com/SonneFinance/status/1790535383005966554"><span style="font-weight: 400;">wrote</span></a><span style="font-weight: 400;"> in a post on X that it had paused all markets on Optimism, while those on Base remained operational.</span></p>\r\n<p><span style="font-weight: 400;">Sonne Finance’s move came shortly after blockchain security firm PeckShield </span><a href="https://x.com/peckshield/status/1790533115636781557"><span style="font-weight: 400;">warned</span></a><span style="font-weight: 400;"> on X and advised Sonne to check their timelock contract. The team added that it became aware of the issue “25 minutes after the exploit.”</span></p>\r\n<p><span style="font-weight: 400;">The team explained in the post-mortem that it recently passed a </span><a href="https://twitter.com/SonneFinance/status/1786871066075206044"><span style="font-weight: 400;">proposal</span></a><span style="font-weight: 400;"> to add VELO markets to Sonne. </span></p>\r\n<p><span style="font-weight: 400;">“We scheduled the transactions on multisig wallet, and because there is 2 days timelock, we also scheduled c-factors to be executed in 2-days,” the team wrote. “The exploiter executed 4 of the transactions when 2-day timelock ends for the creation of markets, and after that, executed the transaction for adding c-factor to the markets.”</span></p>\r\n<p><span style="font-weight: 400;">Sonne added that while they aren’t able to save the funds, “the investigation on the exploiter’s identity is still going on.” </span></p>\r\n<p><span style="font-weight: 400;">The project said it is ready to offer a bounty to the exploiter in exchange for return without disclosing more details.</span></p><br /><span class="copyright"><p>Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in <a href="https://www.foresightventures.com/portfolio">other companies</a> in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current <a href="https://www.theblock.co/financial-disclosures">financial disclosures</a>.</p>\n<p>© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.</p>\n</span>