
Sonne Finance Vulnerability Exposed in $20 Million Crypto Heist

Published by
Nidhi Kolhapur

An attacker drained about $20 million in assets from Sonne Finance using a very complex exploit. The attack played out over a few days and carefully targeted a weakness in Sonne Finance’s VELO integration on the Optimism network.

Here are details of the attack.

How It All Unfolded

According to the detailed analysis released by CertiK, the exploit spanned two days from the date the attack began. A few days before, Sonne Finance had carried out a unanimous vote to enable VELO transactions on the Optimism blockchain and completed all the relevant transactions through its multi-sig wallet.

This wallet included a two-day time lock, designed to provide an added layer of security by delaying transactions for two days.

Once the two-day delay had elapsed, the attacker applied a “c-factor” (collateral factor) to the markets by the afternoon. At this crucial step, the attacker sent 400,000,001 wei of VELO (a minuscule fraction of a VELO token) in order to mint only 2 wei of soVELO.

Exploiting the System

With soVELO newly issued, 35,469,150 VELO was borrowed from the AMM liquidity pool and the VELO was moved to the soVELO contract.

However, this transfer didn’t mint additional soVELO tokens, leading to an imbalance. The total cash in the system continued to grow while the total supply of soVELO remained at 2 wei.

That is why the attacker was able to borrow 265 wei of Wrapped Ethereum with just 2 wei of soVELO as collateral. Due to rounding errors in the division calculations, the attacker was able to take ownership of 35,471,603 VELO, redeeming that amount for only 1 wei of soVELO instead of the 1 VELO that was suggested.
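The imbalance and the rounding error described above can be reproduced with a few lines of integer arithmetic. This is an added example, not code from Sonne Finance or CertiK: the Market class, the 1e18 scale, the empty-market rate (chosen so that 400,000,001 wei mints 2 wei, as in the article), the reading of 35,469,150 VELO as whole tokens, and the MIN_SHARES threshold are all assumptions. It compares truncating division with rounding up and adds a pre-listing check that a market has enough shares before it counts as collateral.

```python
from dataclasses import dataclass

SCALE = 10**18                    # fixed-point scale for the exchange rate (assumption)
INITIAL_RATE = 2 * 10**8 * SCALE  # assumed empty-market rate: 400,000,001 wei mints 2 wei
MIN_SHARES = 10**6                # hypothetical listing threshold, not a Sonne parameter


@dataclass
class Market:
    cash: int = 0          # underlying held by the market contract, in wei
    total_supply: int = 0  # share tokens (soVELO in the article) in existence, in wei

    def rate(self) -> int:
        """Underlying wei per share wei, scaled by SCALE."""
        if self.total_supply == 0:
            return INITIAL_RATE
        return self.cash * SCALE // self.total_supply

    def mint(self, amount: int) -> int:
        shares = amount * SCALE // self.rate()  # truncates toward zero
        self.cash += amount
        self.total_supply += shares
        return shares

    def receive_transfer(self, amount: int) -> None:
        """Plain token transfer to the contract: cash grows, no shares are minted."""
        self.cash += amount

    def shares_for_withdrawal(self, amount: int, round_up: bool) -> int:
        """Shares burned to withdraw `amount` of underlying."""
        num = amount * SCALE
        # Truncation favours the withdrawer; rounding up favours the market.
        return -(-num // self.rate()) if round_up else num // self.rate()


def collateral_ready(m: Market) -> bool:
    """Pre-listing check: refuse a collateral factor while supply is dust."""
    return m.total_supply >= MIN_SHARES


def demo():
    m = Market()
    minted = m.mint(400_000_001)               # figure from the article
    m.receive_transfer(35_469_150 * 10**18)    # article's VELO amount, read as whole tokens
    ask = m.cash - 1                           # withdraw all but 1 wei of cash
    truncated = m.shares_for_withdrawal(ask, round_up=False)
    rounded_up = m.shares_for_withdrawal(ask, round_up=True)
    return minted, truncated, rounded_up, collateral_ready(m)


if __name__ == "__main__":
    print(demo())
```

With truncation, one of the two shares is enough to withdraw nearly all of the cash; rounding up requires both, and the supply check would have kept the market from being used as collateral in that state.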

The Drainage Operation

The attacker did not stop there. In a second round, they supplied 100 wei of VELO to soVELO, which generated another wei of soVELO for a total supply of 2 wei. In this way they kept running the same process and drained assets from several sources.

The assets stolen included: 2,352.96 VELO, 795.38 WETH, 768,933.76 USDC.e (a USDC coin on top of Ethereum), 162,92 WBTC (Wrapped Bitcoin), 1667.45 wstETH (wrapped staked ETH), 777k. 566 USD (Tether) and 1,264,790.21 USDC.

Lessons to Learn

This audacious exploit serves as a stark reminder of the importance of conducting thorough code audits and implementing robust security measures to safeguard digital assets within decentralized environments.

Even the slightest oversight can pave the way for catastrophic breaches, emphasizing the critical need for vigilance in cryptocurrency security.
