The hacker exploited a token approval from an Ethereum address ending in 97a5 on January 16 to execute the attack.
Out of the $3.3 million taken, 1,032 Ether, equivalent to $2.3 million, has been recovered, as announced by Socket’s official X account.
The recovery and distribution plan will soon be accessible to users, showcasing the protocol’s commitment to resolving the aftermath of the hack.
Socket acknowledges the assistance of several on-chain analytics accounts in the recovery process, highlighting collaborative efforts within the crypto community.
The exploit targeted wallets with infinite approvals to Socket contracts, resulting in a net loss of approximately $3.3 million for 219 users.
The vulnerability stemmed from insufficient validation of user input in the SocketGateway contract, according to data analytics company PeckShield.
The attacker took advantage of these excessive approvals, draining funds from each wallet until that user’s approved limit was reached.
The protocol swiftly identified and fixed the vulnerability within hours of the exploit, with the bridge fully operational again in just 24 hours.
The phishing aspect of the breach involved scammers posting a link to dangerous software on a fake Socket account, urging users to use a malicious app to rescind approvals.
The initial financial loss aside, the breach highlights the importance of user awareness and proactive cancellation of authorizations to prevent further losses.
Cross-chain bridges like Socket play a crucial role in facilitating communication across decentralized protocols but are increasingly targeted by malicious actors.
Phishing attempts and vulnerabilities in cross-chain protocols underscore the need for robust security measures within the decentralized finance (DeFi) space.
The incident serves as a reminder of the ongoing challenges faced by protocols in the DeFi landscape and the continuous efforts to enhance security standards.
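The exposure behind the infinite approvals described above can be audited per wallet: a spender contract can move at most the smaller of the owner's allowance and balance, so an unlimited approval exposes the whole balance, including future deposits. The following is an added example, not code from Socket or PeckShield; the addresses, token names and amounts are constructed placeholders, and the `2**255` cut-off for "unlimited" is an assumption.

```python
from collections import defaultdict
from dataclasses import dataclass

MAX_UINT256 = 2**256 - 1
# Assumption: anything at or above 2**255 is treated as effectively unlimited,
# because some wallets approve huge values other than exactly 2**256 - 1.
UNLIMITED_THRESHOLD = 2**255

@dataclass(frozen=True)
class Approval:
    owner: str
    token: str
    spender: str
    allowance: int  # token base units
    balance: int    # owner's current balance of the token, same units

def audit(approvals, spender):
    """List live approvals to `spender`, largest current exposure first."""
    findings = []
    for a in approvals:
        if a.spender != spender or a.allowance == 0:
            continue  # other spender, or approval already revoked
        findings.append({
            "owner": a.owner,
            "token": a.token,
            # transferFrom is capped by both allowance and balance
            "at_risk": min(a.allowance, a.balance),
            # an unlimited approval also exposes any later deposits
            "unlimited": a.allowance >= UNLIMITED_THRESHOLD,
        })
    return sorted(findings, key=lambda f: f["at_risk"], reverse=True)

def totals_by_token(findings):
    """Sum exposure per token (base units differ, so never sum across tokens)."""
    totals = defaultdict(int)
    for f in findings:
        totals[f["token"]] += f["at_risk"]
    return dict(totals)

# Constructed sample data; every address is a placeholder.
GATEWAY = "0xGATEWAY_PLACEHOLDER"
SAMPLE = [
    Approval("0xOWNER_A", "USDC", GATEWAY, MAX_UINT256, 5_000_000_000),
    Approval("0xOWNER_B", "USDC", GATEWAY, 1_000_000_000, 9_000_000_000),
    Approval("0xOWNER_C", "WETH", GATEWAY, MAX_UINT256, 0),
    Approval("0xOWNER_A", "USDC", "0xOTHER_PLACEHOLDER", MAX_UINT256, 5_000_000_000),
    Approval("0xOWNER_D", "USDC", GATEWAY, 0, 7_000_000_000),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, GATEWAY):
        print(finding)
    print(totals_by_token(audit(SAMPLE, GATEWAY)))
```

An entry with `unlimited` set and `at_risk` of zero is still worth revoking, since the approval stays live for anything deposited later.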