Interoperability protocol Socket said Tuesday it had recovered 1,032 ether (worth $2.3 million at current prices) following an exploit on the Bungee bridge protocol it develops.
“We have successfully recovered 1,032 ETH from the funds involved in the incident on 16th Jan,” Socket wrote in an update on X. “We will release a recovery and distribution plan for users soon.”
Last week’s security incident affected wallets with infinite approvals to Socket contracts. The project paused the affected contracts in response, though at least $3.3 million worth of funds were stolen, according to blockchain security firm PeckShield.
The exploit resulted from "incomplete validation of user input, which is exploited to steal funds from users who have approved the vulnerable SocketGateway contract," PeckShield said at the time. "The bad route exploited in the hack was added three days ago and is now disabled," PeckShield added.
"The exploiter appeared to be draining assets from users that have over-approved Socket, allowing them to take funds up to the limit of their approval. To stop this, users would have to revoke their approvals," The Block research director Steven Zheng explained.
"For example, if you’re bridging $1,000 in funds but approved the bridge for $2,000, the remaining $1,000 of approvals you didn't use can be drained in this attack," Zheng said.
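The leftover-approval exposure Zheng describes can be audited by replaying a wallet's approval and spend history for one spender contract. The sketch below is an added example, not code from Socket, PeckShield or The Block; the owner names, event tuples, balances and the spender placeholder are constructed, and it assumes the common token behaviour in which an unlimited (2^256 - 1) allowance is not reduced when it is spent.

```python
from collections import defaultdict

MAX_UINT256 = 2**256 - 1             # value wallets use for an "infinite" approval
SPENDER = "0xSPENDER_PLACEHOLDER"    # placeholder, not a real contract address

# Constructed sample history: (kind, owner, token, spender, amount).
# "approval" sets the allowance; "spend" is a transferFrom made by the spender.
EVENTS = [
    ("approval", "alice", "USDC", SPENDER, 2000),
    ("spend",    "alice", "USDC", SPENDER, 1000),   # bridged 1,000 of the 2,000 approved
    ("approval", "bob",   "USDC", SPENDER, MAX_UINT256),
    ("spend",    "bob",   "USDC", SPENDER, 500),
    ("approval", "carol", "USDC", SPENDER, 300),
    ("spend",    "carol", "USDC", SPENDER, 300),    # exact approval, fully used
    ("approval", "dave",  "USDC", SPENDER, MAX_UINT256),
    ("approval", "dave",  "USDC", SPENDER, 0),      # revoked
]
# Constructed current token balances per (owner, token).
BALANCES = {("alice", "USDC"): 5000, ("bob", "USDC"): 7500,
            ("carol", "USDC"): 100, ("dave", "USDC"): 900}

def outstanding_allowances(events, spender):
    """Replay events in order and return the remaining allowance per (owner, token)."""
    allowance = defaultdict(int)
    for kind, owner, token, sp, amount in events:
        if sp != spender:
            continue
        key = (owner, token)
        if kind == "approval":
            allowance[key] = amount              # a new approval overwrites the old one
        elif kind == "spend":
            if amount > allowance[key]:
                raise ValueError(f"spend exceeds allowance for {key}")
            if allowance[key] != MAX_UINT256:    # assumption: unlimited is not decremented
                allowance[key] -= amount
    return dict(allowance)

def exposure_report(events, balances, spender):
    """List wallets that still have a non-zero allowance and what it puts at risk now."""
    report = {}
    for key, allowed in outstanding_allowances(events, spender).items():
        if allowed == 0:
            continue                             # fully used or revoked: nothing exposed
        label = "unlimited" if allowed == MAX_UINT256 else allowed
        # Exposure today is capped by the balance; future deposits stay exposed too.
        report[key] = {"allowance": label, "at_risk": min(allowed, balances.get(key, 0))}
    return report

if __name__ == "__main__":
    for key, row in exposure_report(EVENTS, BALANCES, SPENDER).items():
        print(key, row, "-> revoke by approving 0")
```
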
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.