Socket and Bungee: A Return to “Normal”
Socket, the interoperability service, and its bridge, Bungee, were forced to temporarily suspend operations due to a hack that resulted in approximately $3.3 million in damages. However, the company recently announced the resumption of its on-chain activities.
This incident, which occurred late on Tuesday, targeted wallets that had granted infinite approvals for Socket contracts. Essentially, these approvals allowed applications to access tokens located in a user’s wallet.
An anonymous security researcher, known as @speekaway, was the first to report the exploit. This individual identified a potentially linked wallet that contained around $3 million in Ether (ETH) and an additional $300,000 in various other digital tokens.
A Compensation Plan for Hack Victims
In response to the exploit, Socket immediately suspended its activities to prevent the attack from spreading. The following day, Socket developers announced that the issue had been resolved and activities had resumed. They also mentioned that compensation plans were being developed.
Inter-chain bridges, such as Socket’s Bungee, allow users to transfer tokens between different blockchains. However, they remain among the most commonly used tools in DeFi and their complex design continues to make them vulnerable to attacks, according to key industry developers.
Sergey Nazarov, co-founder of Chainlink, emphasizes the importance for users to understand the different levels of security provided by inter-chain bridges and to research the actual security of the protocol they are using.