May 15, 2024

Sonne Finance Token Drops 60% After $20M Exploit

Sonne Finance is a money lending program that runs on blockchain technology. On Wednesday, bad actors were able to steal $20 million worth of cryptocurrency from Sonne Finance's program running on the Optimism blockchain. However, Sonne's program on the Base blockchain was not impacted.

How the Hack Happened

The hackers used a clever trick called a "donation attack" to manipulate Sonne Finance's cryptocurrency exchange markets. This allowed them to drain out $20 million worth of digital money like ether, VELO tokens, and stablecoins.

The hack happened because Sonne Finance had recently added the ability to trade the VELO cryptocurrency from another project called Velodrome Finance. The hacker took advantage of a 2-day delay period at Sonne Finance.

During this delay, the hacker was able to execute four different transactions that created new trade markets and set factors about how much the cryptocurrencies could be used as collateral to borrow money.

The key part of the hack was using the "donation attack" method. Basically, the hacker donated huge amounts of cryptocurrency to trick Sonne Finance's system into thinking it had way more funds as collateral backing than it really did.

By manipulating the trade rates in this way, the hacker could then drain out $20 million across different cryptocurrencies to their own wallet addresses.

Sonne Token Price Crashed

When the news of this hack came out, the price of Sonne Finance's SONNE governance token plummeted by 60%. It fell all the way down to just $0.025 per token. This caused Sonne's overall market value to drop to $20 million.

The developers at Sonne were able to stop the hack partway through after realizing what was going on. They prevented a further $6.5 million from being stolen. However, the hacker still got away with $20 million initially.

The hacker then converted $8 million of the stolen funds into bitcoin and ether cryptocurrency. They transferred these to a brand new digital wallet address to try to cover their tracks.

Sonne Tried to Prevent Such Hacks in the Past

In the past, Sonne Finance had taken steps to prevent hacks like this one. When adding new trade markets, they would initially set the collateral levels to zero to prevent manipulation.

Only after manually double-checking would they cautiously increase the collateral factor for that market. And they would remove it again quickly before any bad actors could exploit it.

However, in this case with adding the VELO markets, the Sonne team failed to properly follow this process, allowing the devastating donation attack hack to occur.
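
The Python sketch below is an added illustration, not code from Sonne Finance or from its incident report. It assumes a simplified share-based lending market (the `Market` class, the `activation_blockers` policy, its thresholds and every number are constructed) to show why a nearly empty market with a nonzero collateral factor is sensitive to donated funds, and how a pre-activation check in the spirit of the process described above would hold the listing back.

```python
from dataclasses import dataclass

@dataclass
class Market:
    cash: int = 0                    # underlying tokens the market holds
    shares: int = 0                  # receipt shares issued to depositors
    collateral_factor: float = 0.0   # 0.0 means deposits give no borrowing power

    def deposit(self, amount: int) -> int:
        # Shares are minted at the current cash-per-share price (1:1 when empty).
        minted = amount if self.shares == 0 else amount * self.shares // self.cash
        self.cash += amount
        self.shares += minted
        return minted

    def borrow_power(self, held: int) -> float:
        # Collateral value the system credits to a holder of `held` shares.
        if self.shares == 0:
            return 0.0
        return held * self.cash / self.shares * self.collateral_factor

def donation_price_impact(m: Market, donation: int) -> float:
    """Factor by which cash-per-share rises if `donation` arrives as a direct
    transfer, which adds cash but mints no shares."""
    return float("inf") if m.cash == 0 else (m.cash + donation) / m.cash

def activation_blockers(m: Market, new_cf: float,
                        donation_budget: int, max_impact: float = 1.01) -> list:
    """Reasons not to raise the collateral factor yet (hypothetical policy)."""
    if new_cf <= 0:
        return []                    # a zero factor is always safe to set
    if m.shares == 0:
        return ["market has no deposits"]
    if donation_price_impact(m, donation_budget) > max_impact:
        return ["a donation could move the share price too far"]
    return []

if __name__ == "__main__":
    # Constructed scenario: a new listing with a dust deposit vs. a seeded one.
    thin, seeded = Market(), Market()
    thin.deposit(2)
    seeded.deposit(500_000_000)
    for name, m in (("thin", thin), ("seeded", seeded)):
        print(name, donation_price_impact(m, 1_000_000),
              activation_blockers(m, 0.35, 1_000_000))
```

The check only passes once the market holds enough deposits that a transfer of the assumed budget moves the per-share value by at most 1%.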

What's Next for Sonne?

In their report about the incident, the Sonne Finance team says they are still investigating how to retrieve any of the stolen $20 million in funds. They also said they have put out a bounty reward for the hacker if they will return the funds.

For now, the Sonne Finance platform remains paused on Optimism as they work to improve security and prevent any repeat events. Their platforms on other blockchains like Base were not impacted.

It's a serious black eye for the Sonne Finance protocol and the decentralized finance (DeFi) industry. Hacks like this damage trust in the space.


