Hack Explained - Socket
Socket Protocol, a cross-chain bridging service, suffered a significant security breach leading to the loss of $3.3 million from its Bungee bridge. The hack exploited a newly deployed contract and exposed weaknesses in the protocol's smart contract.
Behind the Breach
The attack occurred on January 16, 2024. The attacker targeted wallets that had granted infinite approvals to Socket contracts, exploiting a recently added route in the bridging contract. This route did not properly validate the swapExtraData parameter, enabling an attacker to inject a transferFrom call. This allowed the attacker to transfer approved assets from victim addresses to their own.
Attacker’s address: 0x50df5a2217588772471b84adbbe4194a2ed39066
Affected contract: 0x3a23f943181408eac424116af7b7790c94cb97a5
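The defect described above, shown as a hypothetical route contract beside a hardened version. This is an added illustration written for this page, not Socket's code: the contract, function and token names, and the swap selector, are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical route (not Socket's code). Users grant it a token allowance and
// pass arbitrary "swap" calldata that the route forwards to another contract.
contract VulnerableRoute {
    IERC20 public immutable token;
    constructor(IERC20 _token) { token = _token; }

    function bridge(address target, uint256 amount, bytes calldata swapExtraData) external {
        if (amount > 0) token.transferFrom(msg.sender, address(this), amount);
        // BUG: neither `target` nor `swapExtraData` is validated. A call made from
        // this contract inherits every allowance users granted to it, so any
        // calldata forwarded here runs with that authority.
        (bool ok, ) = target.call(swapExtraData);
        require(ok, "swap failed");
    }
}

// Hardened variant: fixed, audited router (never a token), non-zero amount,
// and the forwarded calldata must start with the one expected swap selector.
contract HardenedRoute {
    IERC20 public immutable token;
    address public immutable swapRouter;
    // Assumed selector of the router's swap entry point; use the real one in practice.
    bytes4 private constant SWAP_SELECTOR = bytes4(keccak256("swap(uint256,uint256)"));

    constructor(IERC20 _token, address _swapRouter) {
        require(_swapRouter != address(_token), "router must not be the token");
        token = _token;
        swapRouter = _swapRouter;
    }

    function bridge(uint256 amount, bytes calldata swapExtraData) external {
        require(amount > 0, "zero amount");
        require(swapExtraData.length >= 4, "calldata too short");
        require(bytes4(swapExtraData[:4]) == SWAP_SELECTOR, "unexpected selector");
        require(token.transferFrom(msg.sender, address(this), amount), "pull failed");
        // Target is hard-coded and the selector is pinned, so user input cannot
        // turn the route's allowances into an arbitrary call.
        (bool ok, ) = swapRouter.call(swapExtraData);
        require(ok, "swap failed");
    }
}
```

Allowance scoping on the user side is the complementary control: approving only the amount needed for one bridge transaction means a future route bug cannot drain more than that.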
In the wake of the attack, Socket Protocol acted swiftly to contain the breach by pausing the affected contracts. Thorough auditing of newly deployed routes, together with limiting the scope of token approvals granted to bridging contracts, could significantly reduce the risk of similar incidents happening again.
You build the future. We help you secure it.