- The Socket Protocol lost $3.3 million due to a vulnerability on one of its exchanges.
- The Socket Protocol team took quick action to contain the damage.
The Socket Protocol, a cross-chain infrastructure protocol that supports several Web3 apps, recently suffered a significant security breach, resulting in significant financial losses.
The attack specifically targeted the Bungee Exchange within the Socket Protocol, resulting in a loss of $3.3 million.
Another day, another hack
The hack, as reported by the Socket Protocol team, occurred on January 16. To limit the risk, Socket disabled the compromised smart contract.
Urgently
Socket suffered a security incident that affected wallets with infinite approvals for Socket contracts.
We have identified the issue and paused the affected contracts.
We are working on the situation and will keep you informed with regular updates and next steps.
— Socket (@SocketDotTech) January 16, 2024
Looking at the finer details
PeckShield, a blockchain security company, sheds light on the technical aspects of the breach. The hacker exploited the incomplete validation of user input. This allowed the hacker to discover a weakness in the system that controls user information.
The attack targeted a specific part of the system called SocketGateway. The weakness allowed the hacker to take money from users who had given permission to that part of the system. This happened without the users’ knowledge or consent.
Today’s hack @SocketDotTech results in a loss of >$3.3 million.
The bad route exploited in the hack was added three days ago and is now disabled. Here are related tx’s:
– add route tx: https://t.co/lxw7iA1kn4
– disable route tx:https://t.co/QMHfI4YeuUThe hack is due to… https://t.co/QdBBgVF287 pic.twitter.com/yNxF5vCwax
—PeckShield Inc. (@peckshield) January 16, 2024
At press time, Socket tweeted that all damage had been contained and the protocol was operational again.
However, Socket advised users to be wary of possible scams as phishing accounts flood the replies under Socket Protocol’s tweets. They urged users to revoke approvals through other malicious apps to avoid additional threats.
Socket is now operational again.
The contract in question is paused and the damage is completely limited.
Bridging @BungeeExchange and most of our partner frontends have resumed.
A detailed post-mortem and next steps will follow shortly.
— Socket (@SocketDotTech) January 17, 2024
Change it to ETH
In terms of impact, around 230 users were affected by the malicious transactions on the Socket Gateway contract. The total loss was $3.3 million, mainly related to assets such as USDC, USDT, WBTC, DAI and WETH.
The operator conducted token swaps, converting USDC and USDT tokens into ETH.
🚨ALERT📷$3.3 million exploit detected on @SocketDotTech ! Our advanced AI system detected malicious transactions on the Socket Gateway contract, 230 users were affected, a total loss of $3.3 million, mainly USDC, USDT, WBTC DAI and WETH, the operator switched USDC and USDT tokens. .. pic.twitter.com/cw8RUJO9Oh
— 🚨Cyvers Alerts 🚨 (@CyversAlerts) January 16, 2024
Is your portfolio green? Check out the ETH profit calculator
Even though it is not clear whether the hackers intend to hold or sell their ETH, the massive accumulation of ETH being done by the hackers could help ETH’s price momentum in the short term.
At the time of writing, ETH was trading at $2,568.03 and its price was up 1.53% over the past 24 hours.
Source: Santiment