Cross-chain bridge protocol Socket has recovered two-thirds of the funds drained from the protocol in a recent hack.
The official X account of the socket protocol announced that it has successfully recovered 1,032 Ether (ETH) worth $2.3 million of the $3.3 million stolen. The protocol will soon release a recovery and distribution plan for users. Socket also thanked multiple on-chain analytics accounts for their help in recovering the funds.
On Jan. 16, the attacker behind the exploit used a token approval from an Ethereum address ending in 97a5 to carry out the exploit. The exploit impacted the wallets with limitless approvals to Socket contracts.
FUND RECOVERY UPDATE
We have successfully recovered 1032 ETH from the funds involved in the incident on 16th Jan.
We will release a recovery & distribution plan for users soon.
Big shoutout to everyone who helped us from Seal911, Slowmist, Hexagate, & others:@samczsun…
— Socket (@SocketDotTech) January 23, 2024
The exploit on the Socket protocol impacted a total of 219 users with a net loss of around $3.3 million. The cross-chain interoperability protocol managed to identify and remove the bug within hours of the exploit, and within 24 hours, the bridge was operational again.
The attacker used the Socket platform’s over-approval vulnerability to drain assets until each user’s authorized limit was reached. To avoid losing these unused limits, users would have needed to proactively cancel authorization. The attacker exploited pre-approved balances that were never bridged. Users may have prevented being taken advantage of by canceling permissions or withdrawing unused approvals.
According to data analytics firm PeckShiled, the exploit resulted from an incomplete validation of user input, where users who have approved the vulnerable SocketGateway contract became victim of the exploit. The security firm added that the malicious gateway was added three days before the exploit. At the time, users were recommended to revoke all approvals from this address, which shows up as “Socket: Gateway” on Etherscan.
The hack was not just limited to the initial draining of funds; even under the official acknowledgment X post from Socket, phishing scammers used a fake Socket account to post a link to a malicious app and urged users to revoke their approvals using another malicious app.
Cross-chain bridges or interoperability protocols play a critical role in helping different forms of decentralized protocols interact with each other; however, these cross-chain bridges have also become a primary target for malicious actors. Some of the largest DeFi exploits over the past few years have occurred on cross-chain bridges.