Socket recently released an official statement addressing its security incident. The protocol experienced a 3.3 million-dollar attack recently.
The tweet by Socket stated that the team has identified the issue and has already paused the affected contracts. The protocol also assured users that no further actions were needed from them.
According to reports, the attack on Socket affected 231 wallets, resulting in an average loss of 14,000 dollars. The stolen assets included popular cryptos like Ethereum, Dai, Wrapped Ether, Polygon, and Wrapped Bitcoin.
Here is an overview of the stolen assets:
- ETH stole worth 2,930,748 dollars
- MATIC stole worth 139,462 dollars
- WBTC stole worth 124,704 dollars
- WETH stole worth 109,382 dollars
- DAI stole worth 13,820 dollars
The incident was first reported by PeckShield, who called Socket’s attention to the attack. The security firm stated that the bad route used in the attack was added only three days ago and is already disabled.
PeckShield found that the attack was conducted via incomplete validation of user input. This was exploited to fetch funds from the accounts that had approved a vulnerable SocketGateway contractocketGateway contract.
A specific account has also been marked as the catalyst for the attack. The malicious parties misused the mainnet while users were asked to revoke every address for security.
Socket acts as an interoperability protocol that brings seamless connectivity throughout blockchains. The protocol supports Bungee, a bridge aggregator that allows users to find the best bridging routes.
Bungee uses Socket to find multiple routes through supported bridges and DEXs. The platform considers every swap that might be needed before and after the bridging process.
As for the recent attack, there is no news on how close Socket is to getting the funds back.