In a shocking turn of events, Socket, a prominent cross-chain infrastructure protocol, has fallen victim to a significant security exploit, resulting in the loss of $3.3 million from its associated contracts.
The breach, confirmed by the Socket team, has sent shockwaves through the crypto community, prompting urgent action to mitigate further damage.
Socket protocol exploit details and immediate response
The attacker leveraged a vulnerability related to users previously granting infinite approvals to Socket contracts. This allowed them to siphon off substantial funds from these vulnerable contracts.
Socket swiftly identified the issue and immediately paused the affected contracts to prevent additional losses.
Socket, a crucial component of the Web3 ecosystem, is widely used by various decentralized applications, including Synthetix, Lyra, Kwenta, Superform, Plasma Finance, and Level Finance. The security breach has raised concerns across the DeFi space, highlighting the importance of robust security measures within blockchain protocols.
Analyst report and cautionary measures
Blockchain analyst Spreekaway brought the incident to public attention through their X account. According to Spreekaway, the attacker initiated the exploit using token approvals from an Ethereum address ending in 97a5.
They advised affected users to revoke all approvals associated with this specific address, which appears as “Socket: Gateway” on Etherscan.
However, Socket has reassured its users that they do not need to take any action as they have already paused the vulnerable contracts.
Phishing attempts amid chaos
As the crypto community reacted to the security incident, phishing scammers attempted to capitalize on the chaos. A fake Socket account, masquerading as the official one, posted a link to a malicious app and urged users to revoke their approvals using another malicious application.
Fortunately, vigilant users quickly identified the fake account with the misspelled X handle @SocketDctTech instead of the legitimate @SocketDocTech. The imposter account was swiftly removed from the platform to protect unsuspecting users.
Community response and tracking losses
In response to the exploit, a Dune Analytics user named Beetle has taken the initiative to create a tracking dashboard.
This dashboard aims to monitor and document all losses from the attack, providing greater transparency and insight into the extent of the security breach.