The interoperability protocol Socket was recently hit by a hack, resulting in the theft of over $3 million. Today, the Socket team announced the recovery of a portion of the stolen funds, which included hundreds of Ethereum (ETH) tokens. Blockchain security firm PeckShield had reported a loss of $3.3 million following the attack.
Socket disclosed that they had successfully reclaimed 1,032 ETH, valued at approximately $2.3 million, from the Bungee bridge hack. They also stated that a recovery and distribution plan for users will be announced soon.
The hack affected wallets that had granted infinite approvals using Socket’s contracts. PeckShield’s investigation revealed that at least $3.3 million was stolen. Following the attack, the project quickly suspended the affected contracts to prevent further theft.
PeckShield attributed the hack to a vulnerability in the SocketGateway contract due to insufficient validation of user input, which allowed the theft of funds from users who had approved the contract. The malicious input that facilitated the attack had been added to the protocol three days prior and has since been disabled.
Steven Zheng, Research Director at The Block, commented on the hack, explaining that the hacker was draining assets from users who had approved Socket’s contract, and that users needed to cancel their approvals to stop the theft. For instance, if a user bridged $1,000 but had approved $2,000, the unused $1,000 was at risk of being stolen in this attack.
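The exposure described above comes from allowances that stay live after the bridge transaction has finished. As an added example (not from the article and not Socket's code), the following Python replays ERC-20 `Approval` event logs to list the owners who still have a nonzero allowance to one spender, and computes how much of it remains at risk. Every address, amount and log entry is a constructed placeholder.

```python
# Added example. All addresses, amounts and log entries are constructed.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
SPENDER = "0x" + "aa" * 20   # placeholder for the approved contract under review
OTHER = "0x" + "bb" * 20     # placeholder for an unrelated spender
TOKEN = "0x" + "11" * 20     # placeholder ERC-20 token address
ALICE, BOB, CAROL = ("0x" + c * 20 for c in ("a1", "b2", "c3"))

def pad(addr):
    """Encode an address as a 32-byte indexed topic."""
    return "0x" + "00" * 12 + addr[2:]

def approval(block, owner, spender, amount):
    """Build a constructed log entry in the shape eth_getLogs returns."""
    return {"address": TOKEN, "blockNumber": block, "logIndex": 0,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": hex(amount)}

SAMPLE_LOGS = [
    approval(100, ALICE, SPENDER, MAX_UINT256),  # infinite approval
    approval(101, BOB, SPENDER, 2000),
    approval(105, BOB, SPENDER, 0),              # Bob revoked later
    approval(102, CAROL, SPENDER, 2000),         # approved more than needed
    approval(103, ALICE, OTHER, 500),            # different spender, ignored
]

def live_approvals(logs, spender):
    """Replay Approval logs in chain order; keep the last nonzero value per (token, owner)."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        # ERC-20 Approval has exactly 3 topics; ERC-721 reuses the signature with 4.
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue
        if "0x" + t[2][-40:].lower() != spender.lower():
            continue
        latest[(log["address"].lower(), "0x" + t[1][-40:].lower())] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}

def at_risk(approved, already_spent, balance):
    """Amount the spender can still pull. Logs show only the approved amount; the
    authoritative value is the token's allowance(owner, spender). Assumption: the
    token leaves a max-value allowance undecremented."""
    remaining = approved if approved == MAX_UINT256 else max(approved - already_spent, 0)
    return min(remaining, balance)

if __name__ == "__main__":
    for (token, owner), amount in live_approvals(SAMPLE_LOGS, SPENDER).items():
        print(owner, "allowance:", "INFINITE" if amount == MAX_UINT256 else amount)
```

Setting an allowance back to zero, as Bob does in the sample data, is what removes an owner from the result.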