Socket recovers approximately $2.3 million:
- Socket has recovered 1,032 ETH, valued at $2.3 million, following an exploit of its Bungee protocol.
- The exploit led to an estimated $3.3 million in stolen funds.
- Socket plans to release a recovery and distribution plan for affected users.
1,032 ETH saved by Socket
The Socket protocol has announced that it has recovered 1,032 ETH, equivalent to approximately $2.3 million, following a hack last week on its native bridge called ‘Bungee’.
As a reminder, this security flaw affected wallets that had granted ‘infinite approvals’ to Socket contracts. Attackers were able to access funds in wallets that had approved the ‘SocketGateway’ contract.
‘The exploiter seemed to drain the assets of users who had overly approved Socket, allowing them to accept funds up to the limit of their approval. To stop this, users should revoke their approvals.’
The Block’s research director stated
Review of the measures taken by Socket
According to blockchain security firm PeckShield, the exploit resulted from an incomplete validation of user input, allowing for the theft of $3.3 million from users who had approved the vulnerable contract.
In response, the project temporarily suspended its operations to resolve the issue. Today, Socket announces that it has ‘disabled […] the wrong route exploited during the hack’.
Socket has indicated that they successfully recovered the ETH involved in the January 16th incident and will soon announce a recovery and distribution plan for affected users.