Socket protocol recovers two-thirds of stolen ETH from a hack
Cross-chain bridge protocol Socket has recovered two-thirds of the funds drained from the protocol in a recent hack.
The official X account of the Socket protocol announced that it has successfully recovered 1,032 Ether (ETH) worth $2.3 million out of the $3.3 million stolen. The protocol will soon release a recovery and distribution plan for users. Socket thanked several on-chain analytics firms for their help in recovering the funds.
On January 16, the attacker used an Ethereum address ending in 97a5 to execute the exploit. The exploit hit wallets that had granted unlimited approvals to Socket contracts.
Fund recovery update
We have successfully received 1032 ETH from the participating funds in the January 16th event.
We will soon release a recovery and distribution plan for users.
Big shout out to Seal911, Slowmist, Hexagate, and everyone else who helped: @samczsun …
— Socket (@SocketDotTech) January 23, 2024
The exploit cost 219 users a net loss of $3.3 million. The cross-chain interoperability protocol was able to identify and remove the bug within hours of the exploit, and within 24 hours, the bridge was back up and running.
The attacker abused the over-broad approvals that wallets had granted to the Socket platform, draining assets until each user's approved limit was exhausted. The funds taken were pre-approved balances that had never been bridged. To avoid losing these unused allowances, users needed to actively revoke the permissions.
According to data analytics firm PeckShield, the exploit occurred due to incomplete validation of user input, and users who had approved the vulnerable Socket Gateway contract fell victim to the exploit. The security firm added that the malicious login was added three days before the exploit. At the time, users were advised to revoke all approvals for this address, which appears on Etherscan as “Socket: Gateway”.
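The sketch below shows one way to audit that exposure from ERC-20 `Approval` event logs: replay them in chain order and list the approvals to a given spender that were never reset to zero. It is an added example, not code from Socket or PeckShield; the log dictionaries, all addresses (including the `GATEWAY` placeholder) and the `UNLIMITED_FLOOR` threshold are constructed assumptions.

```python
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # assumption: anything this large is effectively unlimited

def addr_from_topic(topic):
    """Indexed address topics are 32 bytes, left-padded; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_approvals(logs, spender):
    """Replay ERC-20 Approval logs in chain order and return the approvals to
    `spender` that were never reset to zero: {(token, owner): last value}."""
    last = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        # ERC-20 Approval has exactly 3 topics; ERC-721 Approval has 4.
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue
        if addr_from_topic(t[2]) != spender.lower():
            continue
        last[(log["address"].lower(), addr_from_topic(t[1]))] = int(log["data"], 16)
    # Upper bound only: token.allowance(owner, spender) is the authoritative value.
    return {k: v for k, v in last.items() if v > 0}

def report(open_map):
    """Sorted (token, owner, 'unlimited' | 'limited', value) rows still to revoke."""
    return sorted((tok, own, "unlimited" if v >= UNLIMITED_FLOOR else "limited", v)
                  for (tok, own), v in open_map.items())

def make_topic(addr):
    return "0x" + addr[2:].rjust(64, "0")

def make_log(block, idx, token, owner, spender, value, extra=()):
    return {"blockNumber": block, "logIndex": idx, "address": token,
            "topics": [APPROVAL_TOPIC, make_topic(owner), make_topic(spender), *extra],
            "data": "0x" + format(value, "064x")}

# Constructed sample data: every address here is a placeholder, not a real account.
GATEWAY, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20
TOKEN_1, TOKEN_2 = "0x" + "11" * 20, "0x" + "22" * 20
ALICE, BOB, CAROL = ("0x" + c * 20 for c in ("a1", "b2", "c3"))
SAMPLE_LOGS = [
    make_log(105, 0, TOKEN_1, BOB, GATEWAY, 0),              # Bob revoked later
    make_log(100, 3, TOKEN_1, ALICE, GATEWAY, MAX_UINT256),  # never revoked
    make_log(101, 1, TOKEN_1, BOB, GATEWAY, MAX_UINT256),
    make_log(102, 0, TOKEN_2, CAROL, GATEWAY, 500),          # limited, still open
    make_log(103, 0, TOKEN_2, ALICE, OTHER, MAX_UINT256),    # different spender
    make_log(104, 0, TOKEN_2, CAROL, GATEWAY, 0, extra=(make_topic(OTHER),)),  # 4 topics
]
print(report(open_approvals(SAMPLE_LOGS, GATEWAY)))
```

Because the audit only reads event logs, it needs no wallet connection or signature.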
The damage was not limited to the initial outflow of funds. According to an X post from Socket, phishing scammers used a fake Socket account to post a link to a malicious app, prompting users to revoke their approvals through another malicious app.
Cross-chain bridges or communication protocols play a vital role in helping different decentralized protocols connect. However, bridges have become a prime target for malicious actors. Over the past few years, some of the largest decentralized finance exploits have occurred on cross-chain bridges.