The cross-chain bridge protocol Socket has successfully recovered a substantial portion of the funds that were drained from the protocol in a recent hacking incident. In an official announcement from the Socket protocol’s X account, it was revealed that they have managed to retrieve 1,032 Ether (ETH), valued at approximately $2.3 million out of the $3.3 million that was initially stolen. The protocol is set to unveil a comprehensive recovery and distribution plan for the affected users in the near future. Socket expressed gratitude towards various on-chain analytics accounts for their assistance in the recovery process.
Ethereum Hack Update: Socket Protocol Recovers a Substantial 66% of Stolen Funds
The breach occurred on January 16 when the attacker utilized a token approval from an Ethereum address ending in 97a5 to execute the exploit. This had a direct impact on wallets that had limitless approvals to Socket contracts, affecting 219 users with collective losses totaling around $3.3 million. The cross-chain interoperability protocol acted swiftly to identify and rectify the bug within hours of the exploit, ensuring the operational status of the bridge was restored within 24 hours.
The attacker exploited Socket’s over-approval vulnerability to drain assets, reaching each user’s authorized limit. The exploit targeted pre-approved balances that were never transferred through the bridge. To safeguard against potential losses from unused limits, users would have needed to proactively cancel authorization.
Data analytics firm PeckShield shed light on the exploit, attributing it to an incomplete validation of user input. Users who had approved the vulnerable SocketGateway contract fell victim to the exploit. Notably, the security firm highlighted that the malicious gateway was added just three days before the exploit. During that time, users were advised to revoke all approvals from the address identified as “Socket: Gateway” on Etherscan.