Socket protocol recovers two-thirds of stolen ETH from hack


Cross-chain bridge protocol Socket has recovered two-thirds of the funds drained from the protocol in a recent hack.

The official X account of the Socket protocol announced that it has successfully recovered 1,032 Ether (ETH) worth $2.3 million of the $3.3 million stolen. The protocol will soon release a recovery and distribution plan for users. Socket also thanked multiple on-chain analytics accounts for their help in recovering the funds.

On Jan. 16, the attacker used a token approval from an Ethereum address ending in 97a5 to carry out the exploit, which affected wallets with unlimited approvals to Socket contracts.

The exploit impacted 219 users with net losses of around $3.3 million. The cross-chain interoperability protocol managed to identify and remove the bug within hours of the exploit, and within 24 hours, the bridge was operational again.

The attacker used the Socket platform’s over-approval vulnerability to drain assets until each user’s authorized limit was reached. The attacker exploited pre-approved balances that were never bridged. To avoid losing these unused limits, users would have needed to proactively cancel authorization.

According to data analytics firm PeckShield, the exploit resulted from incomplete validation of user input, and users who had approved the vulnerable SocketGateway contract became victims of the exploit. The security firm added that the malicious gateway was added three days before the exploit. At the time, users were recommended to revoke all approvals from this address, which shows up as “Socket: Gateway” on Etherscan.
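The approval exposure described above, and the advice to revoke, can be audited from ERC-20 `Approval` event logs. The following is an added example, not code from Socket or PeckShield: it replays logs in the JSON shape returned by `eth_getLogs` and lists owners whose most recent approval to a given spender is still nonzero. The spender, token and owner addresses are constructed placeholders, since the article does not give the gateway's full address.

```python
# Added example: audit outstanding ERC-20 approvals to one spender from event logs.
# topic0 of the standard event Approval(address owner, address spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the last 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_approvals(logs, spender):
    """Return {(owner, token): value} where the latest Approval to `spender` is nonzero."""
    spender = spender.lower()
    latest = {}
    # Replay in chain order so a later revoke (value 0) overrides an earlier grant.
    for log in sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares topic0 but carries 4 topics
        if topic_to_address(topics[2]) != spender:
            continue
        owner = topic_to_address(topics[1])
        latest[(owner, log["address"].lower())] = int(log["data"], 16)
    return {key: value for key, value in latest.items() if value > 0}

def classify(value):
    """Values in the top half of the uint256 range are effectively unlimited."""
    return "unlimited" if value >= 2**255 else "limited"

# --- Constructed sample data (placeholder addresses, not real accounts) ---
GATEWAY = "0x" + "aa" * 20   # hypothetical stand-in for the gateway spender
OTHER = "0x" + "cc" * 20     # unrelated spender
TOKEN = "0x" + "11" * 20
ALICE, BOB, CAROL = ("0x" + c * 20 for c in ("a1", "b2", "c3"))

def make_log(token, owner, spender, value, block, index):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x"),
            "blockNumber": hex(block), "logIndex": hex(index)}

SAMPLE_LOGS = [
    make_log(TOKEN, BOB, GATEWAY, 0, 150, 0),             # revoke, listed out of order
    make_log(TOKEN, ALICE, GATEWAY, MAX_UINT256, 100, 3),
    make_log(TOKEN, BOB, GATEWAY, MAX_UINT256, 101, 1),
    make_log(TOKEN, CAROL, GATEWAY, 500, 120, 0),
    make_log(TOKEN, ALICE, OTHER, MAX_UINT256, 130, 2),
]

if __name__ == "__main__":
    for (owner, token), value in sorted(open_approvals(SAMPLE_LOGS, GATEWAY).items()):
        print(owner, token, classify(value), value)
```

The last `Approval` event is a triage signal only: many tokens do not emit it when `transferFrom` spends part of an allowance, so the token's `allowance(owner, spender)` call remains the authoritative value.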

The hack was not just limited to the initial draining of funds; even under the official acknowledgment X post from Socket, phishing scammers used a fake Socket account to post a link to a malicious app and urged users to revoke their approvals using another malicious app.

Cross-chain bridges or interoperability protocols play a critical role in helping different forms of decentralized protocols interact with each other; however, these cross-chain bridges have also become a primary target for malicious actors. Some of the largest DeFi exploits over the past few years have occurred on cross-chain bridges.
