- Up to $20 million has reportedly been stolen from Sonne Finance USDC and WETH contracts.
- Attack was executed in two bits, $3 million followed by a $17 million siphon, reports indicate.
- Overnight.Fi’s USD on Optimism reportedly affected as well, a 74% loss if the markets are not exited in time.
Sonne Finance was the latest victim of an exploit, with reports indicating that bad actors siphoned funds from its Circle (USDC) stablecoin and wrapped Ethereum (WETH) contracts.
Also Read: Prisma Finance hacker could be uncovered after investigations by on-chain analyst
Sonne Finance exploited for $20 million
Several market watchers have indicated that Sonne Finance has been exploited for close to $20 million on Optimism, with the bad actors capitalizing on its USDC and WETH contracts.
In the first attack, the total losses reached $3 million, followed by another siphon of up to $17 million, with investigators flagging this address as the attacker.
Sonne Finance is a decentralized lending protocol for individuals, institutions, and protocols to access financial services. Its website describes it as a “permissionless, open source and Optimistic protocol serving users on Optimism.” Users can deposit their assets, use them as collateral, and borrow against them.
With this, experts advise community members to exit the protocol while they still can through borrows.
Reports also indicate that Overnight.Fi’s USD+ on Optimism (not other chains) has also been affected by this exploit, with the potential for a 74% loss if the markets are not exited in time.
Considering Sonne is a Compound version 2 (V2) fork, all forks might be in danger. Among them are LayerBank, Mendi Finance, Orbit on Blast, Ionic, and Iron Bank, among others, DefiLlama shows.
Related:
Overnight (funds exploited)
Sonne on Base
Mendi on Linea
idk the other 7 shitforks they have on random chainsetc https://t.co/El6l6q5Mwk
— yieldfarming (@delucinator) May 14, 2024
Generally, this type of exploit only affects funds that are in the protocol and may not compromise the wallet as a whole. This means that other dApps that have nothing to do with it may be safe, but revoking the approvals would be advisable, with some encouraging the withdrawal of money from all Compound V2 forks as an extra precaution.
Sonne Finance did not immediately respond to FXStreet’s request for comment.