Security Breach in Socket Protocol Leads to $3.3 Million Loss; Phishing Scams Surface Amid Chaos
Summary:
Cross-chain protocol Socket fell victim to an exploit that led to a $3.3 million loss. The team paused all involved contracts to avoid more losses. The exploit affected wallets with limitless approvals to Socket contracts. It served as an infrastructure protocol to various Web3 apps. Blockchain analyst Spreekaway reported the use of token approval from a specific Ethereum address for the exploit. Amidst the chaos, phishing scammers attempted to lure victims, prompting swift action from the platform. Dune analytics user beetle has established a dashboard to monitor further financial fallout from the attack.
The cross-chain protocol Socket has suffered an exploit, leading to the loss of $3.3 million from related contracts, says a public statement on January 16 from the concerned team. The team has halted all dealings with these contracts to avert further financial losses following the incident.
"An urgent security issue has arisen with Socket that has affected wallets having limitless approvals for Socket contracts," declared the post. "We've pinned down the problem and put a hold on the impacted contracts."
Socket, a cross-chain infrastructure protocol, facilitates several Web3 applications, including Synthetix, Lyra, Kwenta, Superform, Plasma Finance, and Level Finance. According to Socket, the assault resulted in a financial hit of more than $3.3 million. To stop the offender from siphoning off more money, the team has put the contracts on hold.
Blockchain analyst Spreekaway, via their X account, has announced the incident. The culprit apparently leveraged a token approval from the Ethereum address 0x3a23f943181408eac424116af7b7790c94cb97a5 to pull off the exploit, they explained. Spreekaway has advised users to retract all approvals related to the said address, appearing as "Socket: Gateway" on Etherscan. The Socket developers have assured users that they have paused contracts and that "Users are not required to take ANY steps."
Coinciding with the turmoil, fraudulent scammers seem to be preying on potential victims. A pseudo Socket account, in response to Socket's official post, shared a link to a malevolent app and encouraged users to retract their approvals using another harmful app. With a misspelled X handle of @SocketDctTech in place of the real @SocketDocTech, the deceptive account was swiftly deleted from the X platform within moments of the post.
Working towards tracking all financial losses ensuing from the exploit, beetle, a user from Dune analytics, has established a monitoring dashboard.
Published At
1/17/2024 12:56:23 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.