Socket Protocol Loses $3.3M in Verified Exploit
A cross-chain protocol socket was used, and $3.3 million in contracts related to it fell, the team announced in a Jan. 16 social media post. The group has suspended all contracts to prevent further losses.
Urgent
Socket has a security issue affecting the infinite validation wallet for socket contracts.
We have identified the problem and temporarily suspended the affected contracts.
We are working on the situation and will keep you updated with regular updates and next steps.
— Socket (@SocketDotTech) January 16, 2024
“UrgentSocket has experienced a security issue affecting the infinite authentication wallet for socket contracts,” he wrote. “We have identified the issue and suspended the affected contracts.”
Socket is a cross-chain infrastructure protocol used by many Web3 applications, including Synthetix, Lyra, Kwenta, Superform, Plasma Finance, and Level Finance. Socket said more than $3.3 million was destroyed in the attack. The team has stopped contracts, preventing the striker from wasting more money.
Blockchain analyst Spreekaway reported the incident from their X account. According to them, the attacker used token authentication from Ethereum address 0x3a23f943181408eac424116af7b7790c94cb97a5 to execute the exploit. Spreckaway recommends that users delete all authorizations from this address, which they say shows up as “Socket: Gateway” on Etherscan. He said that the developers of the socket have temporarily suspended contracts and “users do not need to do anything”.
Related: Gamma Tries to Negotiate with Hacker After $3.4M Exploit
Phishing scammers seem to be taking advantage of the chaos to find new victims. In response to Socket's official post, a fake Socket account posted a link to a malicious app and urged users to revoke their approval by using another malicious app that was also provided. The fake tag contains the misspelled X handle @SocketDctTech instead of the correctly spelled @SocketDocTech. The fake account was removed from X within minutes of the post.
Dune Analytics user Beetle has set up a dashboard to track all losses from the attack.
