Socket infrastructure protocol lost $3.3 million in hack

Brother

The team at cross-chain bridge aggregator Socket reported an attack that resulted in the protocol losing $3.3 million.

Urgent

Socket has experienced a security incident which affected wallets with infinite approvals to Socket contracts.

We have identified the issue & have paused the affected contracts.

We’re working on the situation & will keep you informed with regular updates & next steps.
— Socket (@SocketDotTech) January 16, 2024

“There was a security incident at Socket that affected infinite contract approval wallets. We have identified the issue and have suspended the affected contracts,” the developers wrote.

They advised users to revoke all approvals for safety reasons.

The exploit was initially discovered by a researcher under the nickname Spreek.

Socket/Bungee approval being exploited rn. several million already gone. attack is ongoing pic.twitter.com/8C25GBPeuo
— Spreek (@spreekaway) January 16, 2024

“Several million have already left. The attack continues,” he noted, indicating the address of the attacker.

He also advised users to revoke approvals, but to be careful and use only verified links.

Less than an hour later, the expert stated that transactions to the hacker’s wallet had stopped.

“I think this pause has corrected the situation; most likely, attacks are no longer possible. So if you're worried about a recall right now, you can probably relax,” Spreek concluded.

According to PeckShield experts, the exploit was the result of “incomplete verification of user input,” which was used to steal funds from those who approved the vulnerable SocketGateway contract.

Today's hack on @SocketDotTech results in the loss of >$3.3m.

The bad route exploited in the hack was added 3 days ago and is now disabled. Here are related txs:
— add route tx: https://t.co/lxw7iA1kn4
— disable route tx: https://t.co/QMHfI4YeuU

The hack is due to… https://t.co/QdBBgVF287 pic.twitter.com/yNxF5vCwax
— PeckShield Inc. (@peckshield) January 16, 2024

The attacker created the path for the attack three days before the incident by deploying the contract.
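
The advice above to revoke approvals can be checked against a token's event logs. The following is an added example, not code from the original post or from Socket: it replays ERC-20 `Approval` logs and lists owners whose last approval to a watched spender is still non-zero. Every address and log entry is a constructed placeholder, and the `2**255` threshold for "unlimited" is an assumption.

```python
# Added example (not Socket's code): replay ERC-20 Approval logs for one spender.
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0c7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # assumption: anything this large is an "infinite" approval

def topic_to_address(topic):
    # An indexed address is left-padded to 32 bytes; keep the low 20 bytes.
    return "0x" + topic[-40:].lower()

def open_approvals(logs, spender):
    """Return {(token, owner): last approved amount} still non-zero for spender.
    Spending can lower a limited allowance without a new event, so confirm
    with the token's allowance() before acting on the result."""
    spender, latest = spender.lower(), {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but carries 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]))
        latest[key] = int(log["data"], 16)  # a later approve(spender, 0) revokes
    return {k: v for k, v in latest.items() if v > 0}

def exposure(value):
    return "unlimited" if value >= UNLIMITED_FLOOR else "limited"

# --- constructed sample data; every address below is a placeholder ---
WATCHED, OTHER, TOKEN = ("0x" + b * 20 for b in ("aa", "bb", "11"))
ALICE, BOB, CAROL = ("0x" + b * 20 for b in ("a1", "b0", "c4"))

def mk(block, idx, owner, spender, value):
    pad = lambda a: "0x" + "00" * 12 + a[2:]
    return {"address": TOKEN, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": hex(value)}

SAMPLE_LOGS = [
    mk(101, 0, BOB, WATCHED, MAX_UINT256),
    mk(100, 0, ALICE, WATCHED, MAX_UINT256),
    mk(105, 2, BOB, WATCHED, 0),            # Bob revoked
    mk(106, 0, CAROL, WATCHED, 500),
    mk(107, 0, ALICE, OTHER, MAX_UINT256),  # different spender, ignored
]

if __name__ == "__main__":
    for (token, owner), value in open_approvals(SAMPLE_LOGS, WATCHED).items():
        print(owner, token, exposure(value))
```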