The Socket protocol, a cross-chain bridging protocol, has recovered 1,032 ether (approximately $2.3 million) of the $3.3 million lost in a recent hack, according to an official announcement on the Socket protocol's X account. The recovery represents two-thirds of the stolen funds. Socket plans to release a recovery and distribution plan for affected users in the near future. The protocol thanked various on-chain analytics accounts for their assistance in the recovery process.
The exploit occurred on January 16, with attackers utilizing token approvals from an Ethereum address ending in 97a5. The exploit targeted wallets that had granted unlimited approvals to Socket contracts. A total of 219 users were affected, resulting in a net loss of around $3.3 million. The cross-chain interoperability protocol identified and addressed the vulnerability within hours of its occurrence, and the bridge was back in operation within 24 hours.
The attack leveraged the over-approval vulnerability of the Socket platform, draining assets up to each user's authorization limit. The attackers exploited pre-approved balances that were never bridged, which underlines the importance of users proactively revoking approvals they no longer need to prevent potential losses. The vulnerability was attributed to incomplete validation of user input and affected users who had approved the vulnerable SocketGateway contract. Security firm PeckShield noted that the malicious gateway was added three days before the exploit, prompting users to revoke all approvals for the address labeled as "Socket:Gateway" on Etherscan.
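To make the exposure arithmetic concrete, the following added example (not code from Socket or from the original article) replays decoded ERC-20 `Approval` events for one spender and reports what each wallet still has at risk. The event tuples, placeholder addresses, balances and the `2**255` "unlimited" threshold are constructed assumptions.

```python
from collections import namedtuple

MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # assumption: anything this large is an "unlimited" approval

Approval = namedtuple("Approval", "block log_index token owner spender value")

def outstanding_allowances(events, spender):
    """Replay Approval events in chain order; the latest value per (token, owner) wins.
    Tokens that do not emit Approval when an allowance is spent make this an upper
    bound, so confirm with the token's allowance(owner, spender) view before acting."""
    state = {}
    for ev in sorted(events, key=lambda e: (e.block, e.log_index)):
        if ev.spender.lower() == spender.lower():
            state[(ev.token, ev.owner)] = ev.value
    return {key: value for key, value in state.items() if value > 0}

def exposure(allowances, balances):
    """A spender can pull at most min(allowance, balance) from each owner."""
    rows = []
    for (token, owner), allowance in sorted(allowances.items()):
        rows.append({
            "token": token,
            "owner": owner,
            "unlimited": allowance >= UNLIMITED_FLOOR,
            "at_risk": min(allowance, balances.get((token, owner), 0)),
        })
    return rows

# Constructed sample data: placeholder names, not real addresses or amounts.
GATEWAY = "0xGATEWAY_PLACEHOLDER"
SAMPLE_EVENTS = [
    Approval(100, 0, "TOKEN_A", "alice", GATEWAY, MAX_UINT256),   # unlimited
    Approval(101, 2, "TOKEN_A", "bob", GATEWAY, 500),
    Approval(102, 1, "TOKEN_B", "carol", GATEWAY, 1_000),         # capped
    Approval(103, 0, "TOKEN_A", "alice", "0xOTHER_SPENDER", 50),  # other spender
    Approval(105, 4, "TOKEN_A", "bob", GATEWAY, 0),               # bob revoked
]
SAMPLE_BALANCES = {("TOKEN_A", "alice"): 250, ("TOKEN_A", "bob"): 900,
                   ("TOKEN_B", "carol"): 4_000}

if __name__ == "__main__":
    for row in exposure(outstanding_allowances(SAMPLE_EVENTS, GATEWAY), SAMPLE_BALANCES):
        print(row)
```

In the sample, the wallet with an unlimited approval has its whole balance at risk, the capped approval limits the loss to the approved amount, and the wallet that revoked no longer appears.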
Beyond the initial fund loss, Socket reported that phishing scammers utilized fake Socket accounts to share links to malicious apps, urging users to revoke approval through another malicious app. Cross-chain bridges and interoperability protocols are crucial for enabling interaction among different decentralized protocols. However, they have become attractive targets for malicious actors, leading to significant decentralized finance breaches in recent years.



















