Interoperability service Socket and its bridging platform Bungee have resumed operations after a security breach led to a temporary halt in trading.
Losses from the exploit came to approximately $3.3 million after attackers targeted wallets that had granted infinite approvals to Socket contracts. An approval is an authorization that lets a blockchain-based application access tokens in a user’s wallet.
The breach was first brought to light by anonymous security researcher @speekaway at around 18:20 UTC on Tuesday. It was revealed that the attackers had manipulated wallet approvals, potentially compromising user funds.
One wallet connected to the exploit is believed to be in the attackers’ possession, containing nearly $3 million worth of ether (ETH) and $300,000 worth of other tokens.
Socket acted swiftly in response to the breach, pausing all trading activity to prevent further attack propagation.
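As an added example (not from the original article or from Socket), the Python sketch below shows how a wallet owner or monitoring team could find approvals like those described above: it replays ERC-20 Approval event logs and reports unlimited allowances to a watched spender that have not since been revoked. The log entries and addresses are constructed, and treating any allowance of 2**255 or more as "unlimited" is an assumption.

```python
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event topic.
APPROVAL_TOPIC0 = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
UNLIMITED_THRESHOLD = 2**255  # assumption: anything this large is effectively unlimited


def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()


def live_unlimited_approvals(logs, watched_spenders):
    """Return {(token, owner, spender): allowance} for unlimited approvals still in force."""
    watched = {s.lower() for s in watched_spenders}
    latest = {}
    # Replay in chain order so a later approve() (e.g. a revoke to 0) overwrites an earlier one.
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval has the same signature but a 4th indexed topic; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC0:
            continue
        owner, spender = topic_to_address(topics[1]), topic_to_address(topics[2])
        if spender in watched:
            latest[(log["address"].lower(), owner, spender)] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v >= UNLIMITED_THRESHOLD}


# --- Constructed sample data (placeholder addresses, not real contracts) ---
def _log(block, idx, token, owner, spender, amount):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC0, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

TOKEN, ROUTER, OTHER = "0x" + "11" * 20, "0x" + "5c" * 20, "0x" + "0d" * 20
ALICE, BOB, CAROL = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20
SAMPLE_LOGS = [
    _log(101, 0, TOKEN, BOB, ROUTER, MAX_UINT256),
    _log(100, 3, TOKEN, ALICE, ROUTER, MAX_UINT256),   # still live: reported
    _log(102, 1, TOKEN, BOB, ROUTER, 0),               # Bob revokes: not reported
    _log(103, 0, TOKEN, ALICE, OTHER, MAX_UINT256),    # spender not watched
    _log(104, 0, TOKEN, CAROL, ROUTER, 1000),          # finite allowance
]

if __name__ == "__main__":
    for (token, owner, spender), amount in live_unlimited_approvals(SAMPLE_LOGS, [ROUTER]).items():
        print(f"owner {owner} has unlimited approval on token {token} for {spender}")
```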
Socket’s swift resolution and compensation plans
In an early Wednesday statement, Socket developers announced that the security issue had been resolved and trading activities had resumed. Furthermore, they revealed that plans for compensation for affected users were already in the works.
Socket’s incident highlights the ongoing challenge of securing cross-chain bridges, which enable users to transfer tokens between different blockchain networks. According to key developers, cross-chain bridges like Bungee have frequently been exploited due to their inherent complexity.
This is not the first such incident in the crypto space. In January, Orbit Chain, a cross-chain bridge connecting Ethereum to other networks, fell victim to an $81 million hack. These attacks persist because of the intricate nature of cross-chain tools, which makes security a paramount concern for the crypto industry.
Sergey Nazarov, co-founder of Chainlink, emphasized the importance of cross-chain security, comparing it to data oracles. He stated,
“Like data oracles, many bridge variants don’t provide real security and don’t describe how they work beyond saying the words ‘decentralized’ and ‘secure.’”
Nazarov urged bridge users to consider the security of their chosen bridge and its ranking on the cross-chain security spectrum.
Source: https://www.cryptopolitan.com/socket-resumes-operations-after-3-3m-exploit/