Socket Recovers 1,032 ETH Valued at $2.3 Million After Bungee Bridge Protocol Exploit
Socket, an interoperability protocol, announced on Tuesday that it has successfully recovered 1,032 ether (equivalent to $2.3 million at current market rates) following a recent exploit on the Bungee bridge protocol, which Socket develops.
In an official update, Socket stated, “We are pleased to report the successful recovery of 1,032 ETH from the incident that occurred on January 16th. We are currently working on a comprehensive recovery and distribution plan for our users, which will be released shortly.”
The security incident, which transpired last week, had a significant impact on wallets that had granted unlimited approvals to Socket contracts. In response to the breach, the project took immediate action by temporarily pausing the affected contracts. According to blockchain security experts at PeckShield, the exploit resulted in the theft of at least $3.3 million worth of assets.
PeckShield attributed the exploit to a vulnerability arising from incomplete validation of user input. This vulnerability was exploited by malicious actors to siphon funds from users who had approved the vulnerable SocketGateway contract. The specific route used in the attack had been introduced just three days prior but has since been disabled.
Steven Zheng, Research Director at The Block, explained the exploit’s mechanics: “The attacker focused on draining assets from users who had excessively approved Socket contracts, effectively allowing them to deplete funds up to the limit of their approval. To prevent such attacks, users must revoke unnecessary approvals.” As an example, Zheng noted that if a user was bridging $1,000 in funds but had approved the bridge for $2,000, the remaining $1,000 of unutilized approval could be vulnerable to exploitation.
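The leftover-approval exposure described above can be audited from a wallet's own approval history. The following is an added example, not code from Socket, PeckShield or The Block: it replays constructed approve and spend records and reports what a given spender could still pull. The token labels, the `bridge` spender label, the record format and the rule that an unlimited allowance is never decremented are assumptions made for illustration.

```python
from collections import defaultdict

MAX_UINT256 = 2**256 - 1  # the value wallets send for an "unlimited" approval

def residual_allowances(events):
    """Replay approve/spend records in order; return allowance left per (token, spender)."""
    left = defaultdict(int)
    for ev in events:
        key = (ev["token"], ev["spender"])
        if ev["kind"] == "approve":
            left[key] = ev["amount"]          # approve() overwrites, it does not add
        elif ev["kind"] == "spend":           # a transferFrom() by the spender
            if ev["amount"] > left[key]:
                raise ValueError(f"spend exceeds allowance for {key}")
            if left[key] != MAX_UINT256:      # assumption: unlimited is never decremented
                left[key] -= ev["amount"]
        else:
            raise ValueError(f"unknown record kind: {ev['kind']!r}")
    return dict(left)

def exposure_report(events, balances, spender):
    """List what `spender` could still pull from the wallet, unlimited approvals first."""
    rows = []
    for (token, who), left in residual_allowances(events).items():
        if who != spender or left == 0:
            continue
        rows.append({
            "token": token,
            "unlimited": left == MAX_UINT256,
            "residual": left,
            "at_risk_now": min(left, balances.get(token, 0)),  # capped by holdings
        })
    return sorted(rows, key=lambda r: (not r["unlimited"], -r["at_risk_now"]))

# Constructed sample records (whole token units; labels are placeholders).
SAMPLE_EVENTS = [
    {"kind": "approve", "token": "TOKEN_A", "spender": "bridge", "amount": 2000},
    {"kind": "spend",   "token": "TOKEN_A", "spender": "bridge", "amount": 1000},
    {"kind": "approve", "token": "TOKEN_B", "spender": "bridge", "amount": MAX_UINT256},
    {"kind": "spend",   "token": "TOKEN_B", "spender": "bridge", "amount": 500},
    {"kind": "approve", "token": "TOKEN_C", "spender": "bridge", "amount": 300},
    {"kind": "spend",   "token": "TOKEN_C", "spender": "bridge", "amount": 300},
    {"kind": "approve", "token": "TOKEN_A", "spender": "other_app", "amount": 100},
]
SAMPLE_BALANCES = {"TOKEN_A": 5000, "TOKEN_B": 7500, "TOKEN_C": 40}

if __name__ == "__main__":
    for row in exposure_report(SAMPLE_EVENTS, SAMPLE_BALANCES, "bridge"):
        print(row)
```

TOKEN_A reproduces the $2,000-approved, $1,000-bridged case with 1,000 units left exposed, while the unlimited TOKEN_B approval puts the whole current balance, and anything received later, within the spender's reach until the allowance is set back to zero.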