Socket recovers $2.3 million in ETH after bridge protocol exploit

The recovered funds represent roughly $2.3 million worth in ETH, with the damage from the exploit estimated at $3.3 million.

Socket recovers $2.3 million in ETH after bridge protocol exploit

Share this article

Socket, a cross-chain interoperability protocol, has released information on its recovery of 1,032 ether (ETH) following last week’s incident where its Bungee bridge protocol was exploited. The recovered funds represent roughly $2.3 million worth in ETH, with the damage from the exploit estimated at $3.3 million.

The exploit occurred on January 16th and affected wallets with infinite approvals to Socket contracts. Socket paused the affected contracts in response, though at least $3.3 million was initially stolen, according to blockchain security firm PeckShield.

PeckShield said the exploit resulted from “incomplete validation of user input, which is exploited to steal funds from users who have approved the vulnerable SocketGateway contract.” The security firm added that the route exploited was added three days prior and has now been disabled.

According to analysis from The Block research director Steven Zheng, the attacker exploited over-approvals on the Socket platform, draining assets up to each user’s approved limit. Users would have had to proactively revoke approvals to prevent the loss of these unused allowances. Zheng said the attack essentially took advantage of pre-approved balances that never bridged. Users could have avoided being exploited by revoking allowances or removing unused approvals.

While the amount stolen has yet to be recovered, Socket’s ability to reclaim over $2 million worth of ether demonstrates that exploits on bridge protocols may only sometimes result in permanent losses.

Socket has promised to release a recovery and distribution plan for its users.

The crypto industry is rife with exploits, and as it continues to deal with protocol-level vulnerabilities, projects like Socket and the smart contract security sector show that responses and mitigation processes are improving. From pausing contracts to coordinated recoveries, improvements to protocol security will be key for reducing the impact of these attacks in the future.

Share this article

Loading...