Socket says it recovered 1,032 ETH following Bungee exploit last week
Interoperability protocol Socket said Tuesday it had recovered 1,032 ether (worth $2.3 million at current prices) following an exploit on the Bungee bridge protocol it develops.
“We have successfully recovered 1,032 ETH from the funds involved in the incident on 16th Jan,” Socket wrote in an update on X. “We will release a recovery and distribution plan for users soon.”
Last week’s security incident affected wallets with infinite approvals to Socket contracts. The project paused the affected contracts in response, though at least $3.3 million worth of funds were stolen, according to blockchain security firm PeckShield.
The exploit resulted from “incomplete validation of user input, which is exploited to steal funds from users who have approved the vulnerable SocketGateway contract,” PeckShield said at the time. “The bad route exploited in the hack was added three days ago and is now disabled,” PeckShield added.
“The exploiter appeared to be draining assets from users that have over-approved Socket, allowing them to take funds up to the limit of their approval. To stop this users would have to revoke their approvals,” The Block research director Steven Zheng explained.
“For example, if you’re bridging $1,000 in funds but approved the bridge for $2,000. The remaining $1,000 of approvals you didn’t use can be drained in this attack,” Zheng said.