Socket Protocol has recovered two-thirds of the $3.3 million stolen in a recent hack involving an over-approval vulnerability.
Socket Protocol, the cross-chain bridge protocol that was recently hacked, was able to retrieve two-thirds of the funds stolen from it.
The official X account of Socket Protocol announced the successful recovery of 1,032 Ether, valued at $2.3 million, which constituted part of the $3.3 million stolen. The protocol will soon release a recovery and distribution plan that users can access.
At the same time, Socket Protocol expressed gratitude to several on-chain analytics accounts for their assistance in recovering the funds. The attacker behind the January 16 exploit used a token approval from an Ethereum address ending in 97a5.
The vulnerability manifested in wallets that had granted unlimited approvals to Socket contracts. The exploit affected 219 users, resulting in a net loss of around $3.3 million.
Within a few hours of the exploit, the cross-chain interoperability protocol was able to locate and eliminate the problem, and within twenty-four hours the bridge was back in service.
The attacker exploited the over-approval vulnerability of the Socket platform, draining assets until reaching the approved limit for each user.
The attacker took advantage of pre-approved balances that were never bridged. Users would have had to proactively cancel their authorizations to prevent the loss of these unused allowances.
Inadequate validation of user input was the cause of the exploit, according to the data analytics company PeckShield. Users who had previously approved the insecure SocketGateway contract were the ones who fell prey to the exploit.
In addition, the security company said that the rogue gateway had been installed three days earlier, owing to the system's vulnerability.
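The exposure described above, as an added example that is not from Socket or from the original article: it replays ERC-20 Approval events to find the allowances still granted to one spender contract and reports what each wallet has at risk. The spender address, wallet names, token labels and amounts are constructed placeholders.

```python
from dataclasses import dataclass

MAX_UINT256 = 2**256 - 1  # the value wallets send for an "unlimited" approval

@dataclass(frozen=True)
class Approval:
    """One decoded ERC-20 Approval(owner, spender, value) event."""
    block: int
    token: str
    owner: str
    spender: str
    value: int

def current_allowances(events, spender):
    """Replay events in block order; the latest value per (token, owner) wins.
    Replay ignores allowance already spent; a live audit would instead read
    allowance(owner, spender) from the token contract."""
    latest = {}
    for ev in sorted(events, key=lambda e: e.block):
        if ev.spender.lower() == spender.lower():
            latest[(ev.token, ev.owner)] = ev.value
    return {k: v for k, v in latest.items() if v > 0}  # 0 means revoked

def exposure_report(events, balances, spender):
    """At-risk amount is min(allowance, balance): a transferFrom by the
    spender cannot move more than either."""
    rows = []
    for (token, owner), allowance in sorted(current_allowances(events, spender).items()):
        rows.append({"token": token, "owner": owner,
                     "unlimited": allowance == MAX_UINT256,
                     "at_risk": min(allowance, balances.get((token, owner), 0))})
    return rows

# Constructed sample data; addresses are placeholders, amounts in base units.
SPENDER = "0xSPENDER_PLACEHOLDER"
EVENTS = [
    Approval(100, "USDC", "0xALICE", SPENDER, MAX_UINT256),
    Approval(105, "USDC", "0xDAVE", "0xOTHER_PLACEHOLDER", MAX_UINT256),
    Approval(110, "WETH", "0xBOB", SPENDER, 5 * 10**18),
    Approval(120, "USDC", "0xCAROL", SPENDER, 1_000 * 10**6),
    Approval(130, "USDC", "0xCAROL", SPENDER, 0),  # Carol revoked in time
]
BALANCES = {("USDC", "0xALICE"): 2_500 * 10**6, ("WETH", "0xBOB"): 2 * 10**18,
            ("USDC", "0xCAROL"): 900 * 10**6}

if __name__ == "__main__":
    for row in exposure_report(EVENTS, BALANCES, SPENDER):
        print(row)
```

Wallets that show up with a nonzero allowance to a flagged spender are the ones that need a revocation, which in ERC-20 terms is an approval of 0 to that spender.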
At the time, the security company suggested that users cancel all approvals from this address, which appears on Etherscan as “Socket Gateway.”
The hack did more than just drain the initial funds. According to the X post from Socket Protocol, phishing scammers also used a fake Socket account to post a link to a malicious app and urged users to cancel their approvals using another malicious app.
Interoperability protocols, also called cross-chain bridges, are essential in facilitating the interaction between various decentralized protocols.
However, bridges have also emerged as a primary target for malicious actors since their introduction. Throughout the last few years, cross-chain bridges have been the site of some of the most significant exploits in the realm of decentralized finance.