- The Bungee bridging aggregator, developed by Socket, has suffered an exploit, potentially resulting in over $3.3 million in stolen funds.
- Socket promptly paused affected contracts and initiated an investigation after an anonymous researcher detected the incident.
- PeckShield, a cybersecurity firm, confirmed the extent of the breach and noted that the exploited route was recently introduced but has now been disabled.
The cross-chain protocol Socket fell victim to an exploit, resulting in the loss of $3.3 million from associated contracts.
The Socket team has taken immediate action to address the issue by pausing all affected contracts to prevent further losses.
The alarm was first raised by an anonymous researcher known as Spreek on X, who detected the exploit. Spreek’s observations indicated that the attacker had already siphoned off a substantial sum of funds, with several million dollars at risk. Spreek promptly recommended that users revoke their approvals for Socket to mitigate further potential damage.
Spreekaway advised users to revoke all approvals associated with this address, which reportedly appears as “Socket: Gateway” on Etherscan.
Socket’s team confirmed the security incident in a statement, explaining that it impacted wallets with infinite approvals for Socket contracts. The affected contracts were swiftly suspended to halt any ongoing exploitation attempts.
Socket is a widely used cross-chain infrastructure protocol that plays a crucial role in numerous Web3 applications, including Synthetix, Lyra, Kwenta, Superform, Plasma Finance, and Level Finance.
PeckShield’s Analysis
According to cybersecurity firm PeckShield, the exploit occurred due to “incomplete validation of user input,” enabling the attacker to pilfer funds from users who had granted excessive approvals to the vulnerable SocketGateway contract. PeckShield estimated that the breach had resulted in at least $3.3 million in losses.
The security firm also revealed that the vulnerable route used in the hack had been introduced just three days prior to the incident and had since been disabled to prevent further exploitation.
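The incident described above turned on wallets holding unlimited (infinite) ERC-20 approvals for the gateway contract, and the recommended remediation was to revoke those approvals. The following is an added example, not code from the article, Socket, or PeckShield: it takes decoded ERC-20 `Approval` events (constructed sample data here), reports which owners still hold an unlimited allowance for a given spender, and builds the `approve(spender, 0)` calldata that revokes it. The spender address is a placeholder; substitute the real gateway address from Etherscan.

```python
# Added example (not from the article or Socket): flag wallets that hold an
# unlimited ERC-20 allowance for a given spender and build the calldata that
# resets that allowance to zero. All sample events below are constructed.
from dataclasses import dataclass

UINT256_MAX = 2**256 - 1
# Standard ERC-20 function selector: keccak256("approve(address,uint256)")[:4]
APPROVE_SELECTOR = "095ea7b3"
# Placeholder spender; replace with the real "Socket: Gateway" address
SPENDER = "0x" + "11" * 20

@dataclass
class Approval:
    token: str    # ERC-20 contract that emitted the event
    owner: str    # wallet granting the allowance
    spender: str  # contract allowed to spend
    value: int    # allowance amount (UINT256_MAX means "infinite")

def risky_allowances(events, spender, threshold=2**255):
    """Return the latest allowance each (owner, token) pair holds for `spender`,
    keeping only those at or above `threshold` (effectively unlimited)."""
    latest = {}
    for ev in events:  # events must be in chain order; later events overwrite
        if ev.spender.lower() == spender.lower():
            latest[(ev.owner.lower(), ev.token.lower())] = ev.value
    return {k: v for k, v in latest.items() if v >= threshold}

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0): 4-byte selector, 32-byte padded address,
    32-byte zero amount. Sending this to the token contract revokes the allowance."""
    addr = spender.lower().removeprefix("0x").rjust(64, "0")
    return "0x" + APPROVE_SELECTOR + addr + "0" * 64

# Constructed sample: owner A granted an unlimited allowance, owner B a bounded
# one, and owner C granted unlimited and then revoked it.
SAMPLE = [
    Approval("0xToken", "0xA", SPENDER, UINT256_MAX),
    Approval("0xToken", "0xB", SPENDER, 1000 * 10**18),
    Approval("0xToken", "0xC", SPENDER, UINT256_MAX),
    Approval("0xToken", "0xC", SPENDER, 0),
    Approval("0xToken", "0xA", "0x" + "22" * 20, UINT256_MAX),  # different spender
]

if __name__ == "__main__":
    for (owner, token), value in risky_allowances(SAMPLE, SPENDER).items():
        print(f"{owner} still allows {value} of {token}; revoke with:",
              revoke_calldata(SPENDER))
```

In practice the events would come from an `eth_getLogs` query filtered on the `Approval` topic and the gateway address as the spender; only owner A is reported here because owner C's later zero-value approval supersedes the earlier one.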
Unfortunately, malicious actors seeking to take advantage of the situation have emerged. In response to Socket’s official post, a fraudulent Socket account posted a link to a malicious app.
This malicious app urged users to revoke approvals using another deceptive app also provided. The fake account used the misspelled X handle @SocketDctTech instead of the genuine @SocketDocTech. Fortunately, the fake account was swiftly removed from the platform.
A Dune Analytics user named Beetle has taken the initiative to set up a dashboard to monitor and track all losses resulting from the attack. This dashboard will play a crucial role in assessing the extent of the breach and aiding in recovery efforts.