In a recent security breach, Socket Protocol, a prominent cross-chain protocol, loses $3.3M. The company swiftly responded to the incident, halting specific operations and advising users to revoke approvals as a precautionary measure.
Socket Protocol, an integral part of the interconnected blockchain ecosystem, confirmed the security breach on January 16, revealing the exploitation that drained $3.3 million. The protocol facilitates cross-chain interactions and is utilized in various Web3 applications, including Synthetix, Lyra, Kwenta, Superform, Plasma Finance, and Level Finance.
Exploit Details and Targeted Users
Socket Protocol loses $3.3M, according to a social media post it published. The exploit specifically targeted users who had granted infinite approvals to Socket contracts. In response to the breach, Socket promptly halted the affected contracts to mitigate further damage.
The incident was reported by blockchain analyst Spreekaway through their X account, highlighting the exploitation of a token approval from a specific Ethereum address. Spreekaway revealed that the attacker utilized a token approval from an Ethereum address ending in 97a5 to execute the exploit. Users were promptly advised by Spreekaway to revoke all approvals associated with this address, which reportedly appears as “Socket: Gateway” on Etherscan, an Ethereum blockchain explorer.
In response to the security breach, Socket announced that it had taken swift action by pausing contracts to prevent further damage. The company assured users that, at this stage, no further action is required on their part. This immediate response aims to mitigate potential risks and maintain the security of the affected Web3 applications.
Role of Blockchain Security Firm Peckshield
Blockchain security firm Peckshield played a crucial role in flagging the news that Socket Protocol loses $3.3M, identifying the exploit’s connection to a newly introduced route in the Socket system just three days before the attack. Socket, in response, deactivated the problematic route immediately to prevent further misuse. Users were also strongly urged to revoke all approvals as an additional precautionary measure.
Phishing Attempts Amidst Crisis
In the aftermath of the security incident, phishing scammers have attempted to exploit the situation. A fraudulent Socket account, with the misspelt handle @SocketDctTech instead of @SocketDocTech, posted links to a malicious app, misleading users into revoking approvals through it. The fraudulent account was swiftly identified and removed from X within minutes of its posting. This incident underscores the importance of user vigilance and reliance on official communication channels to avoid falling victim to phishing attempts.
Socket has reassured its user base that the paused contracts require no action from them. The company is actively providing regular updates and instructions to help users navigate through this crisis. Transparency and swift action characterize Socket’s response to the exploit, emphasizing the importance of user cooperation in ensuring the security of the platform.
Socket Protocol Swiftly Responds to Security Breach, Resumes Operations
In a prompt response to the loss, Socket Protocol took action within 40 minutes after hackers compromised wallets, allowing unlimited approvals to Socket’s smart contracts. The project announced a temporary pause on all affected contracts and assured users that no further actions were necessary on their part.
Socket Protocol took to Twitter to inform users that they lost $3.3M. The project revealed that hackers had exploited vulnerabilities in wallets, gaining unlimited approvals for Socket’s smart contracts. In response, the team swiftly paused all affected contracts, containing the potential damage.
What are your thoughts as Socket Protocol loses $3.3M? And do you think they will be able to recover the amount? Let us know in the comments below. Also, if you liked our content, do share it with your friends and fellow enthusiasts.
Also Read: Trading Activity Dips with the Early Success of Bitcoin ETFs