Socket says it recovered 1,032 ETH following Bungee exploit last week

Security • January 23, 2024, 5:54AM EST
Published 1 minute earlier on
The Block

Quick Take

  • Interoperability protocol Socket said Tuesday it has recovered 1,032 ether following an exploit last week.
  • The exploit saw as much as $3.3 million stolen, according to blockchain security firm PeckShield.

Interoperability protocol Socket said Tuesday it had recovered 1,032 ether (worth $2.3 million at current prices) following an exploit on the Bungee bridge protocol it develops.

“We have successfully recovered 1,032 ETH from the funds involved in the incident on 16th Jan,” Socket wrote in an update on X. “We will release a recovery and distribution plan for users soon.”

Last week’s security incident affected wallets with infinite approvals to Socket contracts. The project paused the affected contracts in response, though at least $3.3 million worth of funds were stolen, according to blockchain security firm PeckShield.

The exploit resulted from "incomplete validation of user input, which is exploited to steal funds from users who have approved the vulnerable SocketGateway contract," PeckShield said at the time. “The bad route exploited in the hack was added three days ago and is now disabled," PeckShield added.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

"The exploiter appeared to be draining assets from users that have over-approved Socket, allowing them to take funds up to the limit of their approval. To stop this users would have to revoke their approvals," The Block research director Steven Zheng explained. 

"For example, if you’re bridging $1,000 in funds but approved the bridge for $2,000. The remaining $1,000 of approvals you didn't use can be drained in this attack," Zheng said. 


Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

James Hunt is a reporter at The Block, based in the UK. As the writer behind The Daily newsletter, James also keeps you up to speed on the latest crypto news every weekday. Prior to joining The Block in 2022, James spent four years as a freelance writer in the industry, contributing to both publications and crypto project content. James’ coverage spans everything from Bitcoin and Ethereum to Layer 2 scaling solutions, avant-garde DeFi protocols, evolving DAO governance structures, trending NFTs and memecoins, regulatory landscapes, crypto company deals and the latest market updates. You can get in touch with James on Telegram or X via @humanjets or email him at [email protected].

Editor

To contact the editor of this story:
Adam James at
[email protected]

More by James Hunt