Cross-chain bridge Socket protocol has recovered two-thirds of the stolen ETH funds in a recent breach, which led to the loss of about $3.3M.
Socket's official X account has reported the recovery of 1,032 Ether, valued at $2.3 million, out of a total of $3.3 million stolen. The protocol will soon disclose a distribution and recovery plan for users. Socket also thanked several on-chain analytics accounts for recovering the funds.
The perpetrator executed the exploit on January 16 using a token approval originating from an Ethereum address ending in 97a5. The vulnerability affected wallets that had granted unrestricted approvals to Socket contracts.
The vulnerability caused net losses of approximately $3.3 million for 219 users. The cross-chain interoperability protocol successfully detected and remedied the vulnerability within hours of the exploit, restoring functionality to the bridge within twenty-four hours.
The attacker exploited over-approval on the Socket platform to drain assets until each user's approved limit was exhausted, targeting pre-approved balances that had never been bridged. To protect these unused limits, users would have had to revoke the approvals proactively.
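To make the exposure concrete, the following Python example (added here, not Socket's code or part of the original report) audits ERC-20 `Approval` logs for allowances still open to one spender and computes what that spender could move, which is the smaller of the balance and the allowance. All addresses, logs and balances are constructed, and the log dictionaries are assumed to use `eth_getLogs` field names with integer block numbers.

```python
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1
# Constructed placeholder addresses; none is a real contract or wallet.
SPENDER, OTHER, TOKEN = "0x" + "5c" * 20, "0x" + "0e" * 20, "0x" + "70" * 20
ALICE, BOB, CAROL, DAVE = ("0x" + c * 20 for c in ("a1", "b0", "ca", "da"))

def topic_addr(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_allowances(logs, spender):
    """Last non-zero approved value per (token, owner) for one spender."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        # ERC-721 Approval shares topic0 but carries 4 topics; skip it.
        if len(t) != 3 or t[0] != APPROVAL_TOPIC:
            continue
        if topic_addr(t[2]) != spender.lower():
            continue
        latest[(log["address"].lower(), topic_addr(t[1]))] = int(log["data"], 16)
    # A later approve(spender, 0) is a revocation and closes the allowance.
    return {k: v for k, v in latest.items() if v > 0}

def exposure(allowances, balances):
    """Amount the approved contract can move: min(balance, allowance)."""
    return {k: min(v, balances.get(k, 0)) for k, v in allowances.items()}

def mk_log(block, idx, owner, spender, value, extra_topic=None):
    """Build one constructed log entry for the sample data below."""
    topics = [APPROVAL_TOPIC, "0x" + "0" * 24 + owner[2:], "0x" + "0" * 24 + spender[2:]]
    if extra_topic:
        topics.append(extra_topic)
    return {"blockNumber": block, "logIndex": idx, "address": TOKEN,
            "topics": topics, "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [  # constructed, deliberately out of order
    mk_log(105, 0, BOB, SPENDER, 0),            # Bob revokes later
    mk_log(100, 0, ALICE, SPENDER, UNLIMITED),  # unlimited, never revoked
    mk_log(101, 2, BOB, SPENDER, 500),
    mk_log(102, 1, CAROL, OTHER, 1000),         # different spender
    mk_log(103, 0, DAVE, SPENDER, 300),         # bounded approval
    mk_log(104, 0, CAROL, SPENDER, 9, "0x" + "0" * 63 + "7"),  # ERC-721 shape
]
BALANCES = {(TOKEN, ALICE): 750, (TOKEN, DAVE): 1000}  # constructed

if __name__ == "__main__":
    for (token, owner), amount in exposure(open_allowances(SAMPLE_LOGS, SPENDER), BALANCES).items():
        print(owner, "exposed for", amount)
```

The last `Approval` value is an upper bound, since `transferFrom` can reduce an allowance without emitting a new event; the token's `allowance()` call is the authoritative figure.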
According to data analytics firm PeckShield, the exploit targeted a vulnerability in the SocketGateway contract caused by incomplete validation of user input; users who had approved the compromised contract were exposed to the flaw.
Additionally, the security firm stated that the evil gateway was activated three days before the breach. During that period, Etherscan advised users to revoke all approvals for this address, labeled “Socket: Gateway.”
The compromise extended beyond the initial depletion of funds. According to the X post from Socket, phishing scammers also posted a link to a malicious application through a fake Socket account. They encouraged users to revoke their approvals using another malicious application.
Interoperability protocols, also known as cross-chain bridges, are of the utmost importance in facilitating the communication between decentralized protocols.
Nevertheless, these bridges have emerged as a principal target for malicious actors. In recent years, some of the most significant decentralized finance breaches have transpired on cross-chain bridges.