Interoperability protocol Socket said Tuesday that it had recovered 1,032 ether (worth $2.3 million at current prices) following an exploit of the Bungee bridge protocol it developed.
In an update to
A security incident last week affected wallets that had granted unlimited authorization to Socket contracts. The project responded and suspended the affected contracts, but at least $3.3 million worth of funds were stolen, according to blockchain security company PeckShield.
“The vulnerability was caused by incomplete validation of user input, which was exploited to steal funds from users who accepted vulnerable SocketGateway contracts,” PeckShield said at the time. “The bad path exploited in the hack was added three days ago and is now disabled,” PeckShield added.
Steven Zheng, head of research at The Block, explained: “It appears that users are trying to steal assets from users who have over-authorized Sockets, allowing them to take funds up to their authorization limits. To stop these users, you need to revoke their authorizations.”
“For example, if you linked $1,000 in funds but authorized $2,000 in funds, the remaining unused $1,000 in authorizations could be consumed in this attack,” Zheng said.
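Zheng's $1,000 / $2,000 example, worked through as an added illustration (not code from Socket, PeckShield or The Block): a simplified in-memory model of ERC-20 allowance accounting that reports each wallet's residual exposure to an approved spender contract and shows that setting the allowance to zero removes it. The token model, the account names and the `0xGATEWAY` placeholder are assumptions constructed for the example.

```python
# Added illustration: minimal in-memory model of ERC-20 allowance accounting.
# All addresses and amounts below are constructed sample data.
from dataclasses import dataclass, field

UNLIMITED = 2**256 - 1  # conventional "infinite approval" value (max uint256)


@dataclass
class Token:
    balances: dict = field(default_factory=dict)
    allowances: dict = field(default_factory=dict)  # (owner, spender) -> amount

    def approve(self, owner, spender, amount):
        # approve() overwrites the previous allowance; an amount of 0 revokes it.
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        allowed = self.allowances.get((owner, spender), 0)
        if amount > allowed or amount > self.balances.get(owner, 0):
            raise ValueError("insufficient allowance or balance")
        if allowed != UNLIMITED:  # many tokens never decrement an unlimited allowance
            self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

    def exposure(self, owner, spender):
        """Amount the spender contract could still move from owner right now."""
        return min(self.allowances.get((owner, spender), 0),
                   self.balances.get(owner, 0))


def audit(token, spender):
    """Owners with a live allowance to `spender`, mapped to their exposure."""
    return {o: token.exposure(o, s) for (o, s), a in token.allowances.items()
            if s == spender and a > 0}


def demo():
    gateway = "0xGATEWAY"  # placeholder for the affected spender contract
    t = Token(balances={"alice": 5_000, "bob": 700, "carol": 900})
    t.approve("alice", gateway, 2_000)                  # authorized 2,000 ...
    t.transfer_from(gateway, "alice", "bridge", 1_000)  # ... but bridged only 1,000
    t.approve("bob", gateway, UNLIMITED)                # unlimited approval
    t.approve("carol", gateway, 500)
    t.transfer_from(gateway, "carol", "bridge", 500)    # fully used, nothing left over
    before = audit(t, gateway)
    for owner in before:
        t.approve(owner, gateway, 0)                    # revoke the leftover approval
    return before, audit(t, gateway)
```

With an unlimited approval the exposure is bounded only by the wallet's token balance, which is why revoking the approval is the effective fix for affected wallets.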
© 2023 The Block. All rights reserved. This article is provided for informational purposes only. It is not provided or intended to be used as legal, tax, investment, financial or other advice.