Cross-chain bridge protocol Socket has recovered two-thirds of the funds drained from the protocol in a recent hack.
The official X account of the socket protocol announced that it has successfully recovered 1,032 Ether (ETH) worth $2.3 million of the $3.3 million stolen. The protocol will soon release a recovery and distribution plan for users. Socket also thanked multiple on-chain analytics accounts for their help in recovering the funds.
On Jan. 16, the attacker behind the exploit used a token approval from an Ethereum address ending in 97a5 to carry out the exploit. The exploit impacted the wallets with limitless approvals to Socket contracts.
FUND RECOVERY UPDATE
We have successfully recovered 1032 ETH from the funds involved in the incident on 16th Jan.
We will release a recovery & distribution plan for users soon.
Big shoutout to everyone who helped us from Seal911, Slowmist, Hexagate, & others:@samczsun…
— Socket (@SocketDotTech) January 23, 2024
The exploit impacted 219 users with net losses of around $3.3 million. The cross-chain interoperability protocol managed to identify and remove the bug within hours of the exploit, and within 24 hours, the bridge was operational again.
The attacker used the Socket platform’s over-approval vulnerability to drain assets until each user’s authorized limit was reached. The attacker exploited pre-approved balances that were never bridged. To avoid losing these unused limits, users would have needed to proactively cancel authorization.
Related: Gamma attempts to negotiate with hacker after $3.4M exploit
According to data analytics firm PeckShield, the exploit resulted from an incomplete validation of user input, where users who had approved the vulnerable SocketGateway contract became victims of the exploit. The security firm added that the malicious gateway was added three days before the exploit. At the time, users were recommended to revoke all approvals from this address, which shows up as “Socket: Gateway” on Etherscan.
The hack was not just limited to the initial draining of funds. According to the X post from Socket, phishing scammers also used a fake Socket account to post a link to a malicious app and urged users to revoke their approvals using another malicious app.
Cross-chain bridges or interoperability protocols play a critical role in helping different decentralized protocols interact; however, bridges have also become a primary target for malicious actors. Over the past few years, some of the largest decentralized finance exploits have occurred on cross-chain bridges.
Magazine: The truth behind Cuba’s Bitcoin revolution — An on-the-ground report