- Socket Protocol lost $3.3 million due to a vulnerability in one of its exchanges.
- The Socket Protocol team took quick action to prevent damage.
Socket Protocol, a cross-chain infrastructure protocol that powers a variety of Web3 apps, recently suffered significant financial losses due to a serious security breach.
The attack specifically targeted Bungee Exchange within the socket protocol, causing $3.3 million in losses.
Another day, another hack
As reported by the Socket Protocol team, the hack occurred on January 16th. To mitigate the risk, Socket disabled compromised smart contracts.
urgent
Sockets experienced a security incident affecting wallets that had infinite permissions for Socket contracts.
We have identified the issue and have suspended the affected contracts.
We are currently investigating the situation and will provide regular updates and next steps.
— Socket (@SocketDotTech) January 16, 2024
Looking at the details
Blockchain security company PeckShield shed light on the technical aspects of the breach. Hackers exploited imperfect validation of user input. This means that hackers have discovered a weakness in the system that verifies your information.
The attack was focused on a specific part of the system called SocketGateway. This weakness helped hackers extort money from users who had granted permission to that part of the system. This occurred without the user’s knowledge or consent.
Hack of the Day @SocketDotTech More than $3.3 million in losses.
The incorrect path exploited in the hack was added 3 days ago and is now disabled. The relevant TX is as follows:
– Add tx route: https://t.co/lxw7iA1kn4
– Disable tx route: https://t.co/QMHfI4YeuUThe cause of hacking is… https://t.co/QdBBgVF287 pic.twitter.com/yNxF5vCwax
— PeckShield Inc. (@peckshield) January 16, 2024
At press time, Socket tweeted that all damage had been contained and the protocol was working again.
However, Socket advised users to be wary of potential scams because phishing accounts were sending too many replies to Socket Protocol’s tweets. They urged users to revoke authorizations through other malicious apps to avoid further threats.
The socket is now functional again.
Affected contracts have been suspended and damages fully contained.
Connecting @Bungee Exchange Most partner frontends have been reopened.
A detailed postmortem and next steps will follow shortly.
— Socket (@SocketDotTech) January 17, 2024
Convert to ETH
In terms of impact, approximately 230 users were affected due to malicious transactions in the Socket Gateway contract. Total losses reached $3.3 million and mainly involved assets such as USDC, USDT, WBTC, DAI, and WETH.
The exploiter executed a token swap, converting USDC and USDT tokens to ETH.
🚨ALERT📷 $3.3M exploit detected. @SocketDotTech ! Our advanced AI system detected a malicious transaction in the Socket Gateway contract, affecting 230 users and causing a total loss of $3.3 million, mainly USDC, USDT, WBTC DAI and WETH, with the abuser holding USDC and exchanged USDT tokens. pic.twitter.com/cw8RUJO9Oh
— 🚨 Cybers Alerts 🚨 (@CyversAlerts) January 16, 2024
Is your portfolio green? Check out our ETH Profit Calculator
It is unclear whether the hackers plan to hold or sell ETH, but the massive accumulation of ETH that the hackers have done could help ETH’s price momentum in the near term.
At press time, ETH is trading at $2,568.03, with the price up 1.53% over the past 24 hours.
Source: Santiment