As a significant blow to the DeFi sector, Socket, a prominent blockchain interoperability protocol reported a major security breach resulting in over $3.3 million in losses. The incident which was driven by a vulnerability in user input validation, has opened critical security concerns within the DeFi space among the users.
Blockchain security firm PeckShield reported the breach and said that the hack was due to a flaw in Socket’s user input validation system. This flaw allowed attackers to exploit wallets that had granted infinite approvals to Socket contracts.
The vulnerability was also traced back to a specific route added just three days prior to the attack. The attackers leveraged this vulnerability to initiate unauthorized fund transfers.
Tayler Melvin, the team hospitality lead at Socket acknowledged the breach and informed users about the incident. Socket took immediate action, as the affected contracts were temporarily paused to prevent further unauthorized activities.
The Socket project also assured users that their assets were secure and took steps to mitigate further risks. As of writing Socket is now operational again. The affected contract has been paused and the damage is fully contained. Bridging on Bungee Exchange and most of their partner frontends has resumed.
Impact of the hack and user responses
Over 200 wallets using Bungee’s Socket route on Ethereum were affected with a combined loss exceeding $3.3 million. Funds were swiftly converted into Ether, Polygon’s Matic token, wrapped versions of Bitcoin and Ethereum, and MakerDAO’s Dai stablecoin showcasing the complexity of the attack.
Many took to social media to express their concerns about the incident, emphasizing the need for enhanced wallet security features. It was questioned why wallets couldn’t automatically revoke approvals or provide alerts to users in case of potential issues.
Hacking incidents like these highlight the critical role of smart contract security in the ever-evolving DeFi world. Users are urged to remain vigilant, always double-check transaction details and stay informed about potential vulnerabilities.