Lending Protocol

Sonne Finance Suffers $20 Million Hack

May 14, 2024
Attack Types: 
Smart Contract Exploit ,Flash Loan Attack
Entity Types: 
DeFi ,Lending Protocol
Target Entities: 
Sonne Finance

Summary # On May 14, 2024, Sonne Finance was exploited on the Optimism chain, which led to a loss of nearly $20 million worth of assets including USDC, WETH and VELO. Sonne Finance is a decentralized liquidity protocol that offers Lending, Borrowing and Earning opportunities on Optimism and Base chains. The root cause of the exploit is a precision loss smart contract vulnerability. Sonne Finance’s smart contracts are a fork of CompoundV2, and precision loss vulnerability is a well-known issue with them. ...

Pike Finance exploited for $1.7 million in second incident

April 30, 2024
Attack Types: 
Smart Contract Exploit
Entity Types: 
DeFi ,Lending Protocol ,Bridge
Target Entities: 
Pike Finance

Summary # On April 30, 2024, Pike Finance, a Cross-chain Bridge and a Lending Protocol for native assets, was exploited across the Ethereum, Optimism, and Arbitrum chains due to a smart contract vulnerability. $1.7 million worth of assets was siphoned out from the protocol. The smart contract storage misalignment issue was utilized, whith allowed the attacker to bypass owner permissions. Initially, the protocol was exploited four days before the incident, which led to a loss of nearly $300,000 and a temporary pause of operations. ...