The Ethereum staking protocol Rocket Pool experienced a security breach on January 17th: its Twitter account was compromised, which the team confirmed. The attackers posted malicious links asking users to migrate their assets, potentially leading to asset losses. The posts from the compromised account urged users to migrate their assets to temporary v2 contracts for safety; rETH is safu.

Additionally, the Socket Protocol suffered a $3.3 million exploit due to a vulnerability in its smart contracts, specifically impacting users of SocketDotTech's Bungee bridge. Users were urged to revoke approvals to prevent further losses. The exploit was attributed to incomplete validation of user inputs and impacted wallets with infinite approvals to Socket contracts.

Meanwhile, the DeFi protocol BasketDAO was also hacked for over $107K due to a smart contract vulnerability, and an individual Ethereum user lost $149,435 to a phishing attack; the malicious transaction occurred on January 17th.
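An added example, not code from Socket or any project named here: one way to act on the "revoke approvals" advice in the Socket incident above is to replay ERC-20 `Approval` event logs and list the allowances to a given spender that are still unlimited. The addresses, the decoded log dicts (integer `blockNumber` and `logIndex`) and the function names are constructed for illustration; event logs give an upper bound on the allowance, so confirm with the token's `allowance()` before revoking.

```python
# Standard ERC-20 event topic: keccak256("Approval(address,address,uint256)")
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**255  # assumption: treat allowances at or above 2**255 as unlimited

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def live_allowances(logs):
    """Replay Approval logs in chain order; the last event per key wins."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval has the same signature but four topics: skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]),
               topic_to_address(topics[2]))
        state[key] = int(log["data"], 16)
    return state

def risky_approvals(logs, spender):
    """Return (token, owner) pairs whose allowance to `spender` is still unlimited."""
    return sorted((token, owner)
                  for (token, owner, sp), amount in live_allowances(logs).items()
                  if sp == spender.lower() and amount >= UNLIMITED)

def make_log(token, owner, spender, amount, block, index=0):
    """Build a constructed log in the shape of a decoded eth_getLogs entry."""
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x"),
            "blockNumber": block, "logIndex": index}

# Constructed addresses and events, not taken from the incident.
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20
OWNER_1, OWNER_2, OWNER_3 = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
SPENDER, OTHER = "0x" + "5c" * 20, "0x" + "0d" * 20
SAMPLE_LOGS = [
    make_log(TOKEN_A, OWNER_2, SPENDER, 0, 105),            # revoked later
    make_log(TOKEN_A, OWNER_1, SPENDER, 2**256 - 1, 100),   # still unlimited
    make_log(TOKEN_A, OWNER_2, SPENDER, 2**256 - 1, 101),
    make_log(TOKEN_B, OWNER_3, SPENDER, 1000, 102),         # bounded
    make_log(TOKEN_B, OWNER_1, OTHER, 2**256 - 1, 103),     # different spender
]

if __name__ == "__main__":
    for token, owner in risky_approvals(SAMPLE_LOGS, SPENDER):
        print(f"revoke: owner {owner} token {token} spender {SPENDER}")
```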
ATTENTION - The @Rocket_Pool twitter account is STILL compromised. The team is doing their best but twitter support is awful. See below for updates from discord. https://t.co/K89BBCrSFG
Socket Responds to $3.3 Million Security Breach with Swift Action and Transparency https://t.co/Ngmgg4a1dD
A victim on the #ethereum chain lost 💰$149,435 worth of tokens due to signing malicious phishing signatures on a phishing site. 😈Hack Txn: Jan-17-2024 09:42:35 PM +UTC https://t.co/b5B3TUhL3E Victim Add: 0x373adc79ff63d5076d0685ca35031339d4e0da82 😈Scammer Add 1:… https://t.co/g7VS3bbphr
DeFi protocol @BasketDAOOrg was hacked on Jan 17 for over 💰$107K due to a vulnerability in its #smartcontract. The attack was an arbitrary low-level call exploit that happened due to a bug in the contract's approval process. In March 2022, the same contract, along with another… https://t.co/absMTdK5lK
📁Project Name - Socket Protocol 💵Funds Lost - $3.3 Million 💻Type of Hack - Exploit due to Incomplete Validation ❓Short Description - project was exploited due to incomplete validation of user inputs, impacting wallets with infinite approvals to Socket contracts. https://t.co/spjck33TW9
Hack Alert! 🚨 Socket protocol just got drained of $3.3 MILLION in a call injection attack. Here's a quick breakdown of what went down: - Hackers exploited a bug in the "performAction" function - This allowed them to sneak in unauthorized calls and steal tokens - They… https://t.co/tIMeekzfJk https://t.co/IvuSfjhAaA
.@SocketDotTech and its bridging platform Bungee restarted operations after an apparent $3.3 million exploit led to a temporary pause in trading activity. https://t.co/SITUKR6BGV
Socket Protocol Loses $3.3M in Exploit, Users Urged to Revoke Approvals https://t.co/Ngmgg4a1dD
Reminder: the @Rocket_Pool discord is STILL COMPROMISED
On-going hack: Rocket Pool, one of the largest protocols in DeFi is redirecting users to a fake site due to compromised X account. Explanation and solution (avoid the UI, url misdirect): https://t.co/G6xpNujtFo
Wow, the RocketPool Twitter hackers are playing serious games. There is no exploit. There are no refunds. 🚨Don’t interact at all with any links from RocketPool Twitter https://t.co/Xw42JWgRzK
The X account of Ethereum staking protocol Rocket Pool was hacked on Jan. 17, with the exploiter asking users to migrate their assets via a malicious link https://t.co/hpjw4qhf0S
fyi Rocket Pool vulnerability https://t.co/qmCdbUqCMz
BREAKING: Rocket_Pool @X ACCOUNT IS COMPROMISED - DO NOT CLICK LINKS https://t.co/RlicGe9ASA
Twitter (X) account of RocketPool is hacked - confirmed with their team. rETH is safu. Can Elon do something? These X hacks get annoying https://t.co/oUWYzjfDiM
Rocket Pool account hacked. Don’t interact with it. https://t.co/ImsgQ5yWaC
We cannot express how important it is that you migrate your assets now. During this time, we cannot guarantee the safety of any assets associated with our smart contracts. Please migrate your tokens below to remain safe: https://t.co/sFeHonBi1y
Infinite approvals… the ultimate leap of faith. Users of @SocketDotTech's Bungee bridge lost a total of $3.3M yesterday thanks to a known vector. Have you checked your approvals lately? https://t.co/R1SZZ5GXEj https://t.co/e9NY9ZybDp
🚨A vulnerability has been reported in our smart contracts that is being exploited by bad actors. We urge all users to migrate their assets now to be safe during this time. Migrate your assets to the temporary v2 contracts below to avoid losses👇 https://t.co/sFeHonBi1y
First thing you MUST check when you see a smart contract that has a `payable` function is if the native asset can be withdrawn from it. Imagine deploying a contract, accruing hundreds of ETH of value in it and not being able to withdraw them. Critical severity vulnerability