Socket Protocol Loses $3.3M in Exploit, Users Urged to Revoke Approvals
Published: 18.1.2024
Following a serious exploit in the Socket protocol that drained $3.3 million, the company has halted specific operations and urged users to revoke all approvals as a precautionary measure.
Socket Responds to $3.3 Million Security Breach With Swift Action and Transparency
Socket, a cross-chain protocol, confirmed the loss of $3.3 million due to an exploit. This incident was acknowledged in a social media post on January 16. Socket, a component in today’s interconnected blockchain ecosystem, facilitates cross-chain interactions and is used in several Web3 applications, including Synthetix, Lyra, Kwenta, Superform, Plasma Finance, and Level Finance.
The exploit targeted users who had granted infinite approvals to Socket contracts. In a post on X, the company stated, “Urgent. Socket has experienced a security incident which affected wallets with infinite approvals to Socket contracts.” Socket also swiftly paused the affected contracts to mitigate further damage.
Blockchain security firm PeckShield flagged the issue, revealing that the exploit was linked to a route in the Socket system introduced just three days before the attack. Following the breach, Socket immediately deactivated the problematic route to thwart further misuse, and also urged users to revoke all approvals:
Due to the recent exploit, Socket urges all users to revoke all approvals to prevent loss of funds
We recommend all users to review approvals immediately while we investigate.
Check exposure to the exploit and revoke now
Revoke Now https://t.co/fXzS6lONKX
— Socket (@SocketDotTeclh) January 17, 2024
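The approval review that Socket's notice asks for can be done against raw event logs. The following is an added example, not code from Socket or from this article: it replays ERC-20 `Approval` events and reports owners whose latest allowance to a watched spender is still unlimited. All addresses are constructed, `ROUTER` is a stand-in for the contract under review, and the 2^255 cut-off for "infinite" is an assumption.

```python
# Added example: replay Approval logs (eth_getLogs JSON shape) to find open unlimited allowances.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_THRESHOLD = 1 << 255  # assumption: treat values this large as "infinite"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_unlimited_approvals(logs, watched_spenders):
    """Return sorted (token, owner, spender) whose latest allowance is unlimited."""
    watched = {s.lower() for s in watched_spenders}
    latest = {}
    order = lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))
    for log in sorted(logs, key=order):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but indexes tokenId (4 topics): skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        spender = topic_to_address(topics[2])
        if spender in watched:
            key = (log["address"].lower(), topic_to_address(topics[1]), spender)
            latest[key] = int(log["data"], 16)  # a later event replaces an earlier one
    return sorted(k for k, v in latest.items() if v >= UNLIMITED_THRESHOLD)

# ---- constructed sample data: none of these addresses are real ----
TOKEN_A, TOKEN_B, NFT = ("0x" + b * 20 for b in ("a1", "b2", "c3"))
ALICE, BOB = "0x" + "01" * 20, "0x" + "02" * 20
ROUTER, OTHER = "0x" + "ee" * 20, "0x" + "dd" * 20  # ROUTER = spender under review
MAX_UINT256 = (1 << 256) - 1

def make_log(token, owner, spender, value, block, index, token_id=None):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    topics = [APPROVAL_TOPIC, pad(owner), pad(spender)]
    data = "0x" + format(value, "064x")
    if token_id is not None:  # ERC-721 form: tokenId is indexed, data is empty
        topics, data = topics + ["0x" + format(token_id, "064x")], "0x"
    return {"address": token, "topics": topics, "data": data,
            "blockNumber": hex(block), "logIndex": hex(index)}
SAMPLE_LOGS = [
    make_log(TOKEN_A, BOB, ROUTER, 0, 0x20, 0),              # Bob revokes later
    make_log(TOKEN_A, ALICE, ROUTER, MAX_UINT256, 0x10, 0),  # still open
    make_log(TOKEN_A, BOB, ROUTER, MAX_UINT256, 0x11, 3),    # superseded by revoke
    make_log(TOKEN_B, ALICE, ROUTER, 500, 0x12, 1),          # finite allowance
    make_log(TOKEN_B, ALICE, OTHER, MAX_UINT256, 0x13, 0),   # spender not watched
    make_log(NFT, ALICE, ROUTER, 0, 0x14, 0, token_id=7),    # ERC-721, ignored
]

if __name__ == "__main__":
    for token, owner, spender in open_unlimited_approvals(SAMPLE_LOGS, [ROUTER]):
        print(f"revoke: owner {owner} -> spender {spender} on token {token}")
```

Event replay is a triage step: confirm each hit with the token's `allowance(owner, spender)` view before and after revoking.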
Amidst this trouble, phishing scammers are attempting to exploit the situation. In response to Socket’s official announcement, a fraudulent Socket account posted links to a malicious app, misleading users to revoke their approvals through it. The counterfeit account, distinguishable by its misspelled handle @SocketDctTech instead of @SocketDocTech, was promptly removed from X.
Socket has assured its users that the paused contracts require no action from them. The company is also issuing regular updates and instructions to help its user base navigate through this crisis.