
Socket Protocol Loses $3.3M in Exploit, Users Urged to Revoke Approvals

news.bitcoin.com, 17 January 2024 18:30 UTC

Following a serious exploit in the Socket protocol that drained $3.3 million, the company has halted specific operations and urged users to revoke all approvals as a precautionary measure.

Socket Responds to $3.3 Million Security Breach With Swift Action and Transparency

Socket, a cross-chain protocol, confirmed the loss of $3.3 million due to an exploit. This incident was acknowledged in a social media post on January 16. Socket, a component in today’s interconnected blockchain ecosystem, facilitates cross-chain interactions and is used in several Web3 applications, including Synthetix, Lyra, Kwenta, Superform, Plasma Finance, and Level Finance.

The exploit targeted users who had granted infinite approvals to Socket contracts. In a post on X, the company stated, “Urgent. Socket has experienced a security incident which affected wallets with infinite approvals to Socket contracts.” Socket also swiftly paused the affected contracts to mitigate further damage.

Blockchain security firm PeckShield flagged the issue, revealing that the exploit was linked to a route in the Socket system introduced just three days before the attack. Following the breach, Socket immediately deactivated the problematic route to thwart further misuse, and also urged users to revoke all approvals.

Due to the recent exploit, Socket urges all users to revoke all approvals to prevent loss of funds 🚨

We recommend all users to review approvals immediately while we investigate.

Check exposure to the exploit and revoke now 🔒

Revoke Now ⤵️ https://t.co/fXzS6lONKX

— Socket (@SocketDotTeclh) January 17, 2024

Amidst this trouble, phishing scammers are attempting to exploit the situation. In response to Socket’s official announcement, a fraudulent Socket account posted links to a malicious app, misleading users to revoke their approvals through it. The counterfeit account, distinguishable by its misspelled handle @SocketDctTech instead of @SocketDocTech, was promptly removed from X.

Socket has assured its users that the paused contracts require no action from them. The company is also issuing regular updates and instructions to help its user base navigate through this crisis.
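
As an added illustration (not part of the original article and not Socket's own tooling), the Python example below checks exposure of the kind described above by replaying ERC-20 Approval event logs and listing wallets whose latest allowance to a watched spender is still unlimited. All addresses and log entries are constructed placeholders, and the 2**255 threshold for "unlimited" is an assumption.

```python
# Added example: replay ERC-20 Approval logs (eth_getLogs result shape) and
# report owners whose most recent approval to a watched spender is unlimited.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 2**255  # assumption: anything this large counts as "infinite"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def open_unlimited_approvals(logs, watched_spender):
    """Return sorted (token, owner) pairs still exposed to watched_spender."""
    watched = watched_spender.lower()
    latest = {}
    # Only the newest approval per (token, owner) matters, so order first.
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16),
                                          int(l["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        # ERC-20 Approval has exactly 3 topics and 32 bytes of data;
        # ERC-721 reuses the signature with 4 topics and is skipped.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if len(log["data"]) != 66 or topic_to_address(topics[2]) != watched:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]))
        latest[key] = int(log["data"], 16)  # approve(spender, 0) overwrites
    return sorted(k for k, v in latest.items() if v >= UNLIMITED_FLOOR)

def _pad(addr):
    return "0x" + addr[2:].rjust(64, "0")

def _log(block, idx, token, owner, spender, amount):
    return {"address": token, "blockNumber": hex(block), "logIndex": hex(idx),
            "topics": [APPROVAL_TOPIC, _pad(owner), _pad(spender)],
            "data": "0x" + format(amount, "064x")}

# Constructed placeholder addresses and logs (not real on-chain data).
SPENDER, OTHER, TOKEN = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "11" * 20
ALICE, BOB, CAROL = "0x" + "a1" * 20, "0x" + "b0" * 20, "0x" + "c0" * 20
MAX = 2**256 - 1
SAMPLE_LOGS = [
    _log(105, 0, TOKEN, BOB, SPENDER, 0),      # Bob revokes (listed out of order)
    _log(100, 0, TOKEN, ALICE, SPENDER, MAX),  # Alice: unlimited, never revoked
    _log(101, 2, TOKEN, BOB, SPENDER, MAX),    # Bob: unlimited, revoked later
    _log(102, 1, TOKEN, CAROL, SPENDER, 500),  # Carol: bounded allowance
    _log(103, 0, TOKEN, CAROL, OTHER, MAX),    # unlimited, but another spender
]

if __name__ == "__main__":
    print(open_unlimited_approvals(SAMPLE_LOGS, SPENDER))
```

Event replay is only a first pass: the authoritative value is what the token's `allowance(owner, spender)` call returns, so confirm any hit on-chain before and after revoking.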
