Socket recovers $2.3 million in ETH after bridge protocol exploit


Socket, a cross-chain interoperability protocol, has released information on its recovery of 1,032 ether (ETH) following last week’s incident where its Bungee bridge protocol was exploited. The recovered funds represent roughly $2.3 million worth in ETH, with the damage from the exploit estimated at $3.3 million.

https://twitter.com/SocketDotTech/status/1749734794320363802

The exploit occurred on January 16th and affected wallets with infinite approvals to Socket contracts. Socket paused the affected contracts in response, though at least $3.3 million was initially stolen, according to blockchain security firm PeckShield.

PeckShield said the exploit resulted from “incomplete validation of user input, which is exploited to steal funds from users who have approved the vulnerable SocketGateway contract.” The security firm added that the route exploited was added three days prior and has now been disabled.

According to analysis from The Block research director Steven Zheng, the attacker exploited over-approvals on the Socket platform, draining assets up to each user’s approved limit. Zheng said the attack essentially took advantage of pre-approved balances that were never bridged. To prevent the loss of these unused allowances, users would have had to proactively revoke allowances or remove unused approvals.
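The exposure described above can be estimated from a token's ERC-20 `Approval` event logs by replaying them for one spender and capping each approval at the owner's balance. The following Python is an added example, not code from Socket, PeckShield or The Block; every address, balance and log in it is a constructed placeholder, and the "unlimited" threshold is an assumption.

```python
# ERC-20 Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 2**255  # assumption: values this large are treated as "infinite"

def topic_to_address(topic):
    # An indexed address is left-padded to 32 bytes; keep the low 20 bytes.
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, spender):
    """Replay Approval logs in chain order; last nonzero value per (token, owner)."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # other event (an ERC-721 Approval carries 4 topics)
        if topic_to_address(topics[2]) != spender.lower():
            continue
        latest[(log["address"].lower(), topic_to_address(topics[1]))] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}  # 0 means revoked

def exposure_report(logs, spender, balances):
    """At-risk amount is min(approved, balance): a spender cannot pull more than either."""
    rows = []
    for (token, owner), approved in sorted(outstanding_approvals(logs, spender).items()):
        rows.append({"token": token, "owner": owner,
                     "unlimited": approved >= UNLIMITED_FLOOR,
                     "at_risk": min(approved, balances.get((token, owner), 0))})
    return rows

# --- Constructed sample data (placeholder addresses, not real contracts) ---
GATEWAY, OTHER, TOKEN = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "11" * 20
ALICE, BOB, CAROL = "0x" + "a1" * 20, "0x" + "b0" * 20, "0x" + "c0" * 20

def make_log(block, index, owner, spender, value):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": TOKEN, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)], "data": hex(value)}

SAMPLE_LOGS = [
    make_log(100, 0, ALICE, GATEWAY, 2**256 - 1),  # infinite approval
    make_log(101, 3, BOB, GATEWAY, 500),
    make_log(102, 1, CAROL, GATEWAY, 1000),        # approved more than she holds
    make_log(103, 0, ALICE, OTHER, 77),            # different spender, ignored
    make_log(105, 2, BOB, GATEWAY, 0),             # Bob revoked: no exposure
]
SAMPLE_BALANCES = {(TOKEN, ALICE): 4000, (TOKEN, BOB): 900, (TOKEN, CAROL): 250}

if __name__ == "__main__":
    for row in exposure_report(SAMPLE_LOGS, GATEWAY, SAMPLE_BALANCES):
        print(row)
```

Logs record the last amount approved, not what remains after any `transferFrom`, so the token's `allowance()` call is the authoritative figure. With an unlimited approval, tokens received later are exposed as well.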

While the amount stolen has yet to be fully recovered, Socket’s ability to reclaim over $2 million worth of ether demonstrates that exploits on bridge protocols do not always result in permanent losses.

Socket has promised to release a recovery and distribution plan for its users.

The crypto industry is rife with exploits, and as it continues to deal with protocol-level vulnerabilities, projects like Socket and the smart contract security sector show that responses and mitigation processes are improving. From pausing contracts to coordinated recoveries, improvements to protocol security will be key for reducing the impact of these attacks in the future.
