DeFi protocol Socket and its bridging platform Bungee were exploited on January 16, with approximately $3.3 million lost from 700 users. The exploit was due to a bad route added 3 days prior and targeted wallets that had granted infinite approvals to Socket contracts. Socket identified the issue, paused the affected contracts, and urged users to revoke any open approvals, specifically pointing to the address 0x3a23f943181408eac424116af7b7790c94cb97a5. The incident also impacted Rainbow's in-app bridging feature, prompting Rainbow to pause bridging functionality. Socket has since become operational again, and bridging on Bungee Exchange and most partner frontends has resumed. A detailed post-mortem and next steps are expected to be announced shortly.
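The revocation advice above comes down to two ERC-20 calls: read `allowance(owner, spender)` for the Socket Gateway address and, where the result is non-zero, send `approve(spender, 0)` to that token from the owner's wallet. The sketch below is an added example, not code from Socket or from the posts collected here; it builds the calldata and classifies responses offline, and the token addresses and returned values are constructed placeholders.

```python
# Added example: standard library only, constructed sample data.
SOCKET_GATEWAY = "0x3a23f943181408eac424116af7b7790c94cb97a5"  # address quoted on the page
ALLOWANCE_SELECTOR = "dd62ed3e"  # ERC-20 allowance(address,address)
APPROVE_SELECTOR = "095ea7b3"    # ERC-20 approve(address,uint256)
MAX_UINT256 = 2**256 - 1


def _pad_address(addr: str) -> str:
    """Left-pad a 20-byte address to a 32-byte ABI word (hex, no 0x)."""
    body = addr.lower().removeprefix("0x")
    if len(body) != 40 or any(c not in "0123456789abcdef" for c in body):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return body.rjust(64, "0")


def allowance_calldata(owner: str, spender: str = SOCKET_GATEWAY) -> str:
    """eth_call data asking a token how much `spender` may move for `owner`."""
    return "0x" + ALLOWANCE_SELECTOR + _pad_address(owner) + _pad_address(spender)


def revoke_calldata(spender: str = SOCKET_GATEWAY) -> str:
    """Transaction data for approve(spender, 0), sent to the token by the owner."""
    return "0x" + APPROVE_SELECTOR + _pad_address(spender) + "0" * 64


def classify(result_hex: str) -> str:
    """Interpret the 32-byte word returned by allowance()."""
    value = int(result_hex, 16)
    if value == 0:
        return "none"
    return "infinite" if value == MAX_UINT256 else "limited"


def audit(responses: dict[str, str]) -> list[tuple[str, str, str]]:
    """Return (token, status, revoke calldata) for each token with an open approval."""
    return [(token, classify(raw), revoke_calldata())
            for token, raw in responses.items() if classify(raw) != "none"]


# Constructed eth_call results, keyed by placeholder token addresses.
SAMPLE = {
    "0x" + "aa" * 20: "0x" + "f" * 64,                            # infinite approval
    "0x" + "bb" * 20: "0x" + "0" * 64,                            # nothing approved
    "0x" + "cc" * 20: "0x" + hex(5 * 10**18)[2:].rjust(64, "0"),  # limited approval
}

if __name__ == "__main__":
    for token, status, data in audit(SAMPLE):
        print(token, status, data)
```

Any non-zero allowance to the gateway is reported, not only the infinite ones, since the advice was to revoke any open approval.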
Socket Responds to $3.3 Million Security Breach with Swift Action and Transparency https://t.co/Ngmgg4a1dD
DeFi protocol @BasketDAOOrg was hacked on Jan 17 for over 💰$107K due to a vulnerability in its #smartcontract. The attack was an arbitrary low-level call exploit that happened due to a bug in the contract's approval process. In March 2022, the same contract, along with another… https://t.co/absMTdK5lK
📁Project Name - Socket Protocol 💵Funds Lost - $3.3 Million 💻Type of Hack - Exploit due to Incomplete Validation ❓Short Description - project was exploited due to incomplete validation of user inputs, impacting wallets with infinite approvals to Socket contracts. https://t.co/spjck33TW9
Hack Alert! 🚨 Socket protocol just got drained of $3.3 MILLION in a call injection attack. Here's a quick breakdown of what went down: - Hackers exploited a bug in the "performAction" function - This allowed them to sneak in unauthorized calls and steal tokens - They… https://t.co/tIMeekzfJk https://t.co/IvuSfjhAaA
Socket Protocol Loses $3.3M in Exploit, Users Urged to Revoke Approvals https://t.co/Ngmgg4a1dD
We cannot express how important it is that you migrate your assets now. During this time, we cannot guarantee the safety of any assets associated with our smart contracts. Please migrate your tokens below to remain safe: https://t.co/sFeHonBi1y
Infinite approvals… the ultimate leap of faith. Users of @SocketDotTech's Bungee bridge lost a total of $3.3M yesterday thanks to a known vector. Have you checked your approvals lately? https://t.co/R1SZZ5GXEj https://t.co/e9NY9ZybDp
🚨A vulnerability has been reported in our smart contracts that is being exploited by bad actors. We urge all users to migrate their assets now to be safe during this time. Migrate your assets to the temporary v2 contracts below to avoid losses👇 https://t.co/sFeHonBi1y
NEWS: The Socket Tech exploit was brief but nicked 700 users for a total of $3.3 million.
Socket and Bungee Back in Action Following $3.3M Security Breach https://t.co/OxIjnl4fOY
DeFi protocol Socket @SocketDotTech on #ethereum has been exploited for ~💰$3.3M on Jan 16 due to a bad route added 3 days ago. Add Route tx: https://t.co/Z7WI9jEA0b This has affected users who had given infinite approval to the SocketGateway contract https://t.co/d9tUbvq6tR… https://t.co/jnP8JSumdn
.@SocketDotTech and its bridging platform Bungee restarted operations after an apparent $3.3 million exploit led to a temporary pause in trading activity. By @shauryamalwa. https://t.co/Q3evq9I2my
Socket is now operational again. The affected contract has been paused and damage is fully contained. Bridging on @BungeeExchange and most of our partner frontends has resumed. A detailed post mortem and next steps will follow shortly.
Hacker swipes $3.3m from Bungee crypto bridge users by exploiting contract bug https://t.co/WbMcg8xuHW
⚠️⚠️⚠️ Today there was an industry-wide exploit impacting the Socket Gateway contract, which Rainbow uses to power our in-app bridging feature. To protect users, Rainbow has paused bridging functionality in our mobile app and browser extension. Socket has paused their contracts… https://t.co/PAK2VLm4BX
*SOCKET SAYS IT PAUSED AFFECTED CONTRACTS AFTER IDENTIFYING ISSUE BEHIND 'SECURITY INCIDENT' - THE BLOCK PRO
Urgent Socket has experienced a security incident which affected wallets with infinite approvals to Socket contracts. We have identified the issue & have paused the affected contracts. We’re working on the situation & will keep you informed with regular updates & next steps.
🚨🚨🚨 IF YOU'VE USED https://t.co/y501LQ5XQt, THERE APPEARS TO BE AN ONGOING EXPLOIT AND YOU SHOULD REVOKE ANY OPEN APPROVALS ASAP ADDRESS TO REVOKE: 0x3a23f943181408eac424116af7b7790c94cb97a5 Shows up as Socket: Gateway on etherscan 🚨🚨🚨 https://t.co/cHqViFKy4a
Socket is being exploited right now, revoke 0x3a23f943181408eac424116af7b7790c94cb97a5 ASAP on https://t.co/mdF9j47Rtc !