Socket Protocol recovers two-thirds of stolen ETH from hack
The cross-chain bridge protocol Socket revealed the recovery of two-thirds of the funds drained from the protocol.
The official X account of the socket protocol announced that they have successfully recovered 1032 ETH worth $2.3 million from the total stolen amount of $3.3 million . The protocol will soon release a recovery and distribution plan for users. Socket also thanked multiple on-chain analytics accounts for their help in recovering the funds.
On Jan. 16, the attacker behind the exploit used a token approval from an Ethereum address ending in 97a5 to carry out the exploit. The exploit impacted the wallets with limitless approvals to Socket contracts.
FUND RECOVERY UPDATE
— Socket (@SocketDotTech) January 23, 2024
We have successfully recovered 1032 ETH from the funds involved in the incident on 16th Jan.
We will release a recovery distribution plan for users soon.
Big shoutout to everyone who helped us from Seal911, Slowmist, Hexagate, others: @samczsun …
The exploit on the Socket protocol impacted a total of 219 users with a net loss of around $3.3 million. The cross-chain interoperability protocol managed to identify and remove the bug within hours of the exploit, and within 24 hours, the bridge was operational again.
The attacker used the Socket platform’s over-approval vulnerability to drain assets until each user’s authorized limit was reached. To avoid losing these unused limits, users would have needed to proactively cancel authorization. The attacker exploited pre-approved balances that were never bridged. Users may have prevented being taken advantage of by canceling permissions or withdrawing unused approvals.
Related: Gamma attempts to negotiate with hacker after $3.4M exploit
According to data analytics firm PeckShiled, the exploit resulted from an incomplete validation of user input, where users who have approved the vulnerable SocketGateway contract became victim of the exploit. The security firm added that the malicious gateway was added three days before the exploit. At the time, users were recommended to revoke all approvals from this address, which shows up as “Socket: Gateway” on Etherscan.
The hack was not just limited to the initial draining of funds; even under the official acknowledgment X post from Socket, phishing scammers used a fake Socket account to post a link to a malicious app and urged users to revoke their approvals using another malicious app.
Cross-chain bridges or interoperability protocols play a critical role in helping different forms of decentralized protocols interact with each other; however, these cross-chain bridges have also become a primary target for malicious actors . Some of the largest DeFi exploits over the past few years have occurred on cross-chain bridges .
Magazine: The truth behind Cuba’s Bitcoin revolution — An on-the-ground report
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
The Week Ahead Will Focus On These Altcoins: Major Events – Here’s the Watchlist
The cryptocurrency market is preparing to witness important events in many altcoins in the new week. Here are the details.
Ethereum Poised for Major Breakout, Analyst Predicts $10,000 Target
Dogecoin Aims for Worldwide Adoption with New Strategic Partnerships
Netflix faces backlash for using AI-generated voice of Gabby Petito
Share link:In this post: Netflix used AI to recreate Gabby Petito’s voice in its new docuseries, and people are calling it disturbing and unethical. Viewers slammed Netflix online, saying AI shouldn’t be used to digitally recreate a murder victim’s voice for a documentary. Gabby’s family approved it, but experts argue that murder victims don’t get a say in how their voice is used after death.
Trending news
MoreCrypto prices
More
