The cross-chain bridge protocol Socket has recovered two-thirds of the funds taken in a recent hack. An official post from Socket’s X account announced the retrieval of 1,032 ETH, worth $2.3 million, out of the $3.3 million in stolen crypto assets. Socket stated that a recovery and distribution plan for users will be released soon.
The recovery was aided by multiple blockchain data analysis accounts, which Socket thanked. The hacker initiated the attack on January 16 using a token approval from an Ethereum address ending in 97a5. The attack exploited wallets that had given unlimited approvals to Socket contracts.
The vulnerability affected 219 users, resulting in a net loss of approximately $3.3 million. The interoperability protocol detected and rectified the error within hours of the attack, and the bridge was operational again within 24 hours.
The attacker exploited an excessive approval vulnerability on the Socket platform, draining assets up to each user’s authorized limit. The attacker took advantage of unbridged and previously approved balances. Users needed to cancel authorizations to avoid losing these unused limits.
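To see which approvals are still exposed, an owner can replay ERC-20 `Approval` event logs and keep the last value granted to a given spender. The following is an added example, not code from Socket or the original article; the addresses, names and log entries are constructed placeholders, and the `2**255` threshold for "unlimited" is an assumption.

```python
# Added example: list ERC-20 allowances still granted to one spender contract.
# Every address and log entry here is constructed sample data.
# Event topic below is keccak256("Approval(address,address,uint256)").
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 2**255  # assumption: amounts this large are effectively unlimited

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, spender):
    """Replay Approval logs in chain order; last value per (token, owner) wins."""
    spender, latest = spender.lower(), {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the topic but carries 4 topics
        if topic_to_address(topics[2]) != spender:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]))
        latest[key] = int(log["data"], 16)
    # The logged value is an upper bound: spends via transferFrom usually emit
    # no Approval, so confirm with the token's allowance(owner, spender) call.
    return [{"token": t, "owner": o, "amount": a, "unlimited": a >= UNLIMITED_FLOOR}
            for (t, o), a in sorted(latest.items()) if a != 0]  # 0 means revoked

def make_log(token, owner, spender, amount, block, index):
    """Build a constructed log in eth_getLogs shape (numbers already decoded)."""
    pad = lambda addr: "0x" + "0" * 24 + addr[2:]
    return {"address": token, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

SPENDER, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20   # placeholder contracts
TOKEN1, TOKEN2 = "0x" + "11" * 20, "0x" + "22" * 20   # placeholder tokens
ALICE, BOB, CAROL = "0x" + "a1" * 20, "0x" + "b2" * 20, "0x" + "c3" * 20
SAMPLE_LOGS = [
    make_log(TOKEN1, ALICE, SPENDER, 2**256 - 1, 100, 0),  # unlimited, never revoked
    make_log(TOKEN1, BOB, SPENDER, 500, 101, 0),
    make_log(TOKEN2, CAROL, SPENDER, 1000, 102, 3),
    make_log(TOKEN1, ALICE, OTHER, 2**256 - 1, 103, 1),    # different spender
    make_log(TOKEN1, BOB, SPENDER, 0, 105, 2),             # Bob revokes
]

if __name__ == "__main__":
    for finding in outstanding_allowances(SAMPLE_LOGS, SPENDER):
        print(finding)
```

Any non-zero entry it reports is spendable by the approved contract without further consent, which is why revocation (an approval of 0) was the remedy for affected users.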
According to blockchain data analysis firm PeckShield, the hack stemmed from inadequate validation of user input, impacting users who had approved the vulnerable SocketGateway contract. PeckShield added that the malicious gateway was added three days before the attack. Phishing scammers also used a fake Socket account to lure users into canceling their approvals through another malicious application.