Socket protocol loses $3.3M in confirmed approval exploit
Cross-chain protocol Socket has been exploited, and $3.3 million has been drained from contracts associated with it, according to a Jan. 16 social media post from the team. The team has paused all contracts to prevent further losses.
Urgent
— Socket (@SocketDotTech) January 16, 2024
Socket has experienced a security incident which affected wallets with infinite approvals to Socket contracts.
We have identified the issue have paused the affected contracts.
We’re working on the situation will keep you informed with regular updates next steps.
“Urgent Socket has experienced a security incident which affected wallets with infinite approvals to Socket contracts” the post stated. “We have identified the issue have paused the affected contracts.”
Socket is a cross-chain infrastructure protocol used by many Web3 apps, including Synthetix, Lyra, Kwenta, Superform, Plasma Finance, and Level Finance. Socket claims that more than $3.3 million has been lost in the attack. The team has paused contracts, preventing the attacker from draining more funds.
Blockchain analyst Spreekaway reported the incident from their X account. According to them, the attacker used a token approval from Ethereum address 0x3a23f943181408eac424116af7b7790c94cb97a5 to carry out the exploit. Spreekaway recommended that users revoke all approvals from this address, which they claim shows up as “Socket: Gateway” on Etherscan. Socket developers claimed that they have paused contracts and “Users don't need to do ANYTHING.”
Related: Gamma attempts to negotiate with hacker after $3.4M exploit
Phishing scammers appear to be taking advantage of the chaos to get new victims. In a reply to Socket’s official post, a fake Socket account posted a link to a malicious app and urged users to revoke their approvals using another malicious app that was also provided. The fake account contained the misspelled X handle @SocketDctTech instead of the correctly spelled @SocketDocTech. The fake account was removed from X within minutes of the post.
Phishing account on X claiming to be Socket. Source: XDune analytics user beetle has set up a dashboard to track all losses from the attack.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
MARA's stock jumps after raising $1 billion via convertible notes to buy more bitcoin
MARA Holdings announced the successful closing of its $1 billion offering of 0% convertible senior notes due 2030.The bitcoin miner plans to allocate around $199 million of the proceeds to repurchase $212 million in principal of its existing convertible notes due 2026. The remaining funds will be used to acquire more bitcoin.
Gold loses luster as institutional demand fuels bitcoin price surge, analysts say
Bitcoin’s 46% surge over the past month, contrasted with gold’s 3% decline, highlights a shifting investor preference toward alternative store-of-value assets, analysts say.Derivatives traders are buying up bitcoin call options ahead of Trump’s inauguration, signaling strong bullish sentiment for the beginning of 2024.
SEC is 'engaging' Solana ETF applicants: report
SEC “engaging” on Solana ETF applications, sparking optimism for potential approval in 2025.VanEck, 21Shares, and Bitwise lead Solana ETF filings amid pro-crypto White House hopes.SOL token rises 4.6% to $247.91, bolstered by Solana’s strong DeFi ecosystem and demand.
Shiba Inu Developer Says SHIB Is No Longer a Memcoin