Hackers took advantage of a faulty Socket smart contract that was updated three days ago
Socket, a cross-chain interoperability protocol, has resumed operations after suffering an exploit yesterday.
The incident was identified on Jan. 16 by PeckShield, a blockchain security firm, which tagged Socket in a tweet after spotting suspicious transactions on-chain.
Socket responded 40 minutes later, tweeting that it had paused all affected contracts after hackers compromised wallets that had granted unlimited approvals to Socket’s smart contracts. The project added that no user actions were required after the contracts were paused.
“Socket is now operational again,” the team later tweeted. “The affected contract has been paused and damage is fully contained. Bridging on Bungee Exchange and most of our partner front-ends has resumed.”
The project said it will prioritize “doing right” by its users and recovering the stolen assets. “A detailed post-mortem and next steps will follow shortly,” the team said.
Socket also urged users to be cautious of fake Socket accounts attempting to steal user funds via phishing scams.
PeckShield estimates $3.3M worth of user assets were lost amid the incident, attributing the exploit to error-laden transaction routing added to Socket’s contracts three days prior.
“The hack is due to incomplete validation of user input, which is exploited to steal funds from users who have approved the vulnerable SocketGateway contract,” PeckShield tweeted.
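The exposure described above sits in standing token approvals, so a wallet owner or front-end operator can audit ERC-20 Approval logs for allowances still granted to the affected contract. The following is an added example, not code from Socket, PeckShield or the article; the gateway address is a placeholder and the sample logs, tokens and wallets are constructed.

```python
# ERC-20 event Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
GATEWAY = "0x" + "aa" * 20   # placeholder, NOT the real SocketGateway address

def addr(topic):
    """Last 20 bytes of a 32-byte indexed topic, as a lowercase address."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, spender):
    """Map (token, owner) -> last allowance set for `spender`, skipping revoked ones.
    `logs` must be in chain order. A finite value is an upper bound only, since
    transferFrom spends it down; confirm on-chain with allowance(owner, spender)."""
    latest = {}
    for log in logs:
        t = log["topics"]
        # ERC-721 Approval shares this topic hash but carries 4 topics: skip it.
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue
        if addr(t[2]) != spender.lower():
            continue
        latest[(log["address"].lower(), addr(t[1]))] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}

def unlimited(approvals):
    """(token, owner) pairs whose whole balance the spender may move."""
    return sorted(k for k, v in approvals.items() if v == MAX_UINT256)

# --- constructed sample logs (hypothetical tokens and wallets) ---
def make_log(token, owner, spender, value):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
ALICE, BOB, CAROL = "0x" + "a1" * 20, "0x" + "b0" * 20, "0x" + "c0" * 20
OTHER = "0x" + "dd" * 20
SAMPLE_LOGS = [
    make_log(TOKEN_A, ALICE, GATEWAY, MAX_UINT256),  # still unlimited
    make_log(TOKEN_A, BOB, GATEWAY, MAX_UINT256),
    make_log(TOKEN_B, CAROL, GATEWAY, 500),          # finite allowance
    make_log(TOKEN_A, BOB, GATEWAY, 0),              # Bob revokes
    make_log(TOKEN_A, CAROL, OTHER, MAX_UINT256),    # different spender
]

if __name__ == "__main__":
    for token, owner in unlimited(outstanding_approvals(SAMPLE_LOGS, GATEWAY)):
        print(f"revoke: {owner} -> unlimited approval on {token}")
```

Pausing a contract does not clear allowances already recorded in each token, so any pair this reports stays approved until the owner sets it back to zero.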
Socket is the latest cross-chain interoperability protocol to suffer an exploit, with bridges comprising sizable honeypots for opportunistic hackers.
According to Rekt, four of the five largest DeFi hacks resulted from attacks targeting bridges, with Ronin, Poly Network, BNB Bridge, and Wormhole losing more than $2.1B in assets combined.
Last month, the cross-chain bridges Orbit and Aurory both suffered exploits, with Orbit losing more than $81M.
Source: https://thedefiant.io/socket-resumes-operations-after-users-lost-usd3-3m-to-exploit