Socket Recovers $2.3 Million in Ether Following Exploit
Interoperability protocol Socket announced that it has successfully recovered 1,032 ether (worth $2.3 million) after an exploit on its Bungee bridge protocol. The funds involved in the incident on January 16th have been retrieved, and Socket plans to release a recovery and distribution plan for affected users soon.
Security Incident and Stolen Funds
Last week, a security incident impacted wallets with infinite approvals to Socket contracts. In response, the project paused the affected contracts. However, blockchain security firm PeckShield estimated that at least $3.3 million worth of funds were stolen in the exploit. The hack exploited incomplete validation of user input to steal funds from users who had approved the vulnerable SocketGateway contract.
The Exploit and User Approvals
The exploit targeted users who had over-approved Socket, allowing the attacker to drain assets up to the limit of their approval. For example, if a user bridged $1,000 but approved the bridge for $2,000, the remaining $1,000 of unutilized approvals could be drained in the attack. To prevent this, users would need to revoke their approvals.
Hot Take: Socket Recovers Stolen Funds After Security Incident
Socket has successfully recovered $2.3 million in ether following an exploit on its Bungee bridge protocol. The project plans to distribute the recovered funds to affected users soon. Last week’s security incident resulted in stolen funds worth at least $3.3 million, as an attacker exploited incomplete validation of user input. Users who had over-approved Socket were targeted in the exploit, allowing the attacker to drain assets up to the approved limit. To protect against such attacks, users should revoke unnecessary approvals. Socket’s recovery of funds is a positive step towards mitigating the impact of the security incident.
By
By
By
By
By