Socket, a prominent cross-chain infrastructure protocol, has fallen victim to an exploit resulting in the drainage of $3.3 million from associated contracts. The team disclosed this security incident in a social media post on Jan. 16, emphasizing the urgent need for action to address the situation.
The team swiftly responded to the security breach by taking a precautionary measure—pausing all contracts linked to the protocol. This proactive step aims to prevent any additional losses and mitigate the impact on users.
The exploit targeted wallets with infinite approvals to Socket contracts. The team acknowledged the issue, stating, “We have identified the issue & have paused the affected contracts.” Blockchain analyst Spreekaway reported the incident, revealing that the attacker utilized a token approval from an Ethereum address ending in 97a5 to execute the exploit.
Socket’s Impact on Web3 Apps
The cross-chain protocol, serves as the infrastructure for various Web3 applications, including Synthetix, Lyra, Kwenta, Superform, Plasma Finance, and Level Finance. The far-reaching impact of the exploit raises concerns across the decentralized ecosystem.
Spreekaway recommends users to take immediate action by revoking all approvals from the specific Ethereum address (ending in 97a5) associated with the exploit. This address is identified as “Socket: Gateway” on Etherscan.
Amid the security incident, phishing scammers seized the opportunity to target users. A fake account, identified by the misspelled X handle @SocketDctTech, posted a malicious link urging users to revoke approvals through another malicious app. Swift action was taken to remove the fake account from the platform within minutes.
Dune Analytics user Beetle has established a comprehensive dashboard to track all losses stemming from the exploit. This initiative aims to provide transparency and insights into the financial impact on affected users. Stay tuned for further developments as the Socket team works towards resolution and recovery.