Sonne Finance Hit by $20M Attack, SONNE Token Plummets 60%

• Cyvers identified an attack on Sonne Finance, resulting in the theft of $3 million from their USDC and WETH contracts on the Optimism blockchain.
• Following the hack, SONNE dropped by 60% to 2.5 cents, marking its lowest point in more than a year

On May 14, Web3 security company Cyvers announced on X (formerly Twitter) that they had identified an attack on the lending protocol Sonne Finance, resulting in the theft of $3 million from their USD Coin (USDC) and Wrapped Ether (WETH) contracts.

This incident occurred on the Optimism blockchain version, while the Base blockchain version remained unaffected. The exploit occurred after the protocol introduced token markets for Velodrome Finance's VELO. The attacker exploited a two-day timelock to execute four transactions, creating markets and adding collateral factors.

Sonne Finance became aware of the issue 25 minutes later. However,  by that time, the lending protocol had already lost $20 million worth of WETH, Velo (VELO), and Wrapped USDC (USDC.e).

On May 15, Sonne Finance announced on X that “All markets on Optimism have been paused.” 

Soon after, the protocol partnered with Cyvers to investigate the situation further. The founder and CTO of Cyvers, in fact, commented on Sonne’s post, stating, “We will be happy to assist.”

Furthermore, according to a report, the value of the SONNE token dropped by 60% to 2.5 cents in the aftermath of the hack, marking its lowest point in more than a year. This decline reduced the market capitalization to $20 million, despite the developers' efforts to prevent $6.5 million from being siphoned off after they became aware of the ongoing attack.

Edited by Harshajit Sarmah