Crypto Mining

Socket said it recovered 1,032 ETH after the Bungee exploit last week.

Security • January 23, 2024 5:54 AM EST

Posted 1 minute ago In ~

Interoperability protocol Socket said Tuesday that it had recovered 1,032 ethers (worth $2.3 million at current prices) after exploiting the Bunge Bridge protocol it developed.

In an update to

A security incident last week affected wallets that had unlimited authorization for socket contracts. The project responded and suspended affected contracts, but at least $3.3 million worth of funds were stolen, according to blockchain security company PeckShield.

“The vulnerability was caused by incomplete validation of user input, which was exploited to steal funds from users who accepted vulnerable SocketGateway contracts,” PeckShield said at the time. “The bad path exploited in the hack was added three days ago and is now disabled,” PeckShield added.

Steven Zheng, head of research at The Block, explained: “It appears that users are trying to steal assets from users who have over-authorized Sockets, allowing them to take funds up to their authorization limits. To stop these users, you need to revoke their authorizations.” .

“For example, if you linked $1,000 in funds but authorized $2,000 in funds, the remaining unused $1,000 in authorizations could be consumed in this attack,” Zheng said.


Disclaimer: The Block is an independent media outlet delivering news, research and data. As of November 2023, Foresight Ventures is a majority investor in The Block. Foresight Ventures invests in other companies in the cryptocurrency space. Cryptocurrency exchange Bitget is an anchor LP of Foresight Ventures. The Block continues to operate independently to provide objective, impactful and timely information about the cryptocurrency industry. Below are our current financial disclosures.

© 2023 The Block. All rights reserved. This article is provided for informational purposes only. It is not provided or intended to be used as legal, tax, investment, financial or other advice.

About the author

James Hunt is a reporter for The Block, based in the United Kingdom. As a writer for The Daily newsletter, James also brings you up to speed on the latest cryptocurrency news every week. Before joining The Block in 2022, James spent four years in the industry as a freelance writer, contributing content to publications and cryptocurrency projects. James’ coverage ranges from Bitcoin and Ethereum to layer 2 scaling solutions, avant-garde DeFi protocols, evolving DAO governance structures, modern NFTs and memecoins, regulatory environments, cryptocurrency company trading, and the immersive metaverse. It’s all-encompassing. You can reach James on Twitter or Telegram via @humanjets or email him at (email protected).

Related Articles

Back to top button