Socket protocol loses $3.3M in confirmed approval exploit

Cross-chain protocol Socket has been exploited, and $3.3 million has been drained from contracts associated with it, according to a Jan. 16 social media post from the team. The team has paused all contracts to prevent further losses.

“Urgent Socket has experienced a security incident which affected wallets with infinite approvals to Socket contracts” the post stated. “We have identified the issue & have paused the affected contracts.”

Socket is a cross-chain infrastructure protocol used by many Web3 apps, including Synthetix, Lyra, Kwenta, Superform, Plasma Finance, and Level Finance. Socket claims that more than $3.3 million has been lost in the attack. The team has paused contracts, preventing the attacker from draining more funds.

Blockchain analyst Spreekaway reported the incident from their X account. According to them, the attacker used a token approval from Ethereum address 0x3a23f943181408eac424116af7b7790c94cb97a5 to carry out the exploit. Spreekaway recommended that users revoke all approvals from this address, which they claim shows up as “Socket: Gateway” on Etherscan. Socket developers claimed that they have paused contracts and “Users don’t need to do ANYTHING.”

Related: Gamma attempts to negotiate with hacker after $3.4M exploit

Phishing scammers appear to be taking advantage of the chaos to get new victims. In a reply to Socket’s official post, a fake Socket account posted a link to a malicious app and urged users to revoke their approvals using another malicious app that was also provided. The fake account contained the misspelled X handle @SocketDctTech instead of the correctly spelled @SocketDocTech. The fake account was removed from X within minutes of the post.

Phishing account on X claiming to be Socket. Source: X

Dune analytics user beetle has set up a dashboard to track all losses from the attack.