DeFi protocol suffers $20 million attack and token collapses

The decentralized finance (DeFi) protocol Sonne Finance, based on the Optimism network, one of Ethereum’s main second layer (L2) networks, was the target of an attack that resulted in an estimated loss of US$20 million. The attack occurred on Wednesday morning (15).

Originating as a fork of Compound V2, Sonne Finance had a total value locked (TVL) of just over $60 million before the incident, according to data from DeFi Llama. Now, the TVL is no more than US$4.75 million. In other words, there was a drop of more than 92% in the value locked in the DeFi protocol.

In light of the attack, the team responsible for Sonne Finance decided to pause the protocol on the Optimism network pending an investigation into what happened. The team highlighted that loans are being traded normally on Base, a layer 2 developed by Coinbase.

DeFi protocol Sonne pauses operations after attack

The specific cause of the exploit has not yet been officially determined, although there is speculation that it may be related to a lending marketplace recently added to the protocol.

As a consequence of the exploitation, the DeFi protocol’s native token, SONNE, suffered a precipitous drop in its market value as well as its price.

According to data from CoinGecko, the asset’s price fell from $0.063 to $0.025, its lowest level in over a year. The cryptoactive accumulates a daily devaluation of 55%. Meanwhile, the token’s market cap stands at $2.3 million.

The exploiters used a “giveaway” attack to manipulate certain markets offered by the platform, stealing several tokens before being disrupted.

This incident highlights the challenges and vulnerabilities facing the DeFi ecosystem, where the security and integrity of protocols are constantly tested.

In a report on the attack, the DeFi protocol developers said they were working to recover the stolen funds. Additionally, they offered a reward to the hacker.

“We are ready to give rewards to the explorer, as well as not committing to continue with the matter, in the event of the return of the funds. We sincerely regret the situation, are doing everything in our power and are in contact with anyone who can assist in recovering the funds,” the team said in a post-mortem.