Socket Protocol Recovers 1,032 ETH Stolen by Hackers

Following an exploit that targeted an approval vulnerability, the team recovered over half of the lost funds.

The Socket protocol received assistance from the Web3 cybersecurity community in investigating the January 16 hack.

Yesterday, Socket, an interoperability protocol that fell victim to a hack on January 16, provided an update on the incident. Fortunately, the project's team successfully recovered a significant portion of the stolen funds, totaling 1,032 ETH, equivalent to almost $2.297 million at the time of publication. The total losses incurred during the event were valued at approximately $3.3 million.


According to the post on X, several cybersecurity teams and individual on-chain analysts, including SlowMist, Cryptoforensic Investigators, Samczsun, Tayvano, Robert Chen, and others, actively contributed to the recovery efforts. The team expressed gratitude for this collaborative support and pledged to release a comprehensive recovery and distribution plan for affected users soon.

Earlier posts from Socket, issued promptly after the incident, revealed that the team had made attempts to contact the attacker. However, specific details regarding this communication have not been disclosed yet.

The security breach originated from wallets with unlimited approvals to Socket contracts, which gave the attacker the means to exploit vulnerabilities within the protocol's performAction function. The flaw allowed a call injection attack: it let the attacker insert malicious data into the call() function, compromising the contract's state and enabling unauthorized fund withdrawals.


While the Socket protocol team is celebrating a recent victory, decentralized exchange liquidity aggregator Concentric is facing a struggle with a loss of $1.7 million due to the exploitation of vault vulnerabilities. This exploit, fueled by a social engineering attack, involved the malicious actor taking advantage of the upgradability of vaults to mint new LP tokens and subsequently drain the vaults of their assets.

Concentric's lost funds swapped
Source: PeckShield, X

Unfortunately, shortly after the incident, blockchain security team PeckShield discovered that the stolen funds had already been swapped for nearly 716 ETH, valued at approximately $1.593 million at the time of publication. "These stolen ETH have already been split into 3 addresses: 0xfd68...6030 (300 ETH), 0x1F14...C42d, labeled as 'OKX DEX Exploiter' (300 ETH), 0x1786...4c34 (115.75 ETH)," PeckShield explained.

In the meantime, another victim experienced significant financial damage exceeding $1 million in a phishing incident reported by the ScamSniffer team. The victim suffered a loss of $1.18 million worth of BUSD, USDT, and USDC when they signed an increaseAllowance transaction and multiple ERC20 Permit signatures. These transactions allowed the scammer to manipulate the victim's wallet and execute unauthorized transfers.
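
The call injection described for performAction and the increaseAllowance/Permit phishing above both rely on calldata that moves or grants an ERC-20 allowance. The following is an added example, not Socket's code or fix: a fail-closed screen a router or wallet could run on calldata before forwarding or signing it. The function names and sample addresses are hypothetical; the selectors are the standard ERC-20 and EIP-2612 ones.

```python
# Added example (not Socket's code): fail-closed screening of calldata that a
# router would forward to a token contract on behalf of `caller`.
SELECTORS = {  # standard ERC-20 / EIP-2612 4-byte function selectors
    "23b872dd": "transferFrom",       # (from, to, amount)
    "095ea7b3": "approve",            # (spender, amount)
    "39509351": "increaseAllowance",  # (spender, addedValue)
    "d505accf": "permit",             # (owner, spender, value, ...)
}
OWNER_FIRST = ("transferFrom", "permit")  # first argument is the funds' owner
MAX_UINT256 = 2**256 - 1


def _word(args, i):
    """Return the i-th 32-byte ABI word; raise if the calldata is truncated."""
    word = args[32 * i:32 * (i + 1)]
    if len(word) != 32:
        raise ValueError("truncated")
    return word


def screen_forwarded_call(caller, data_hex):
    """Return a list of findings; empty means no allowance-related risk seen."""
    raw = data_hex[2:] if data_hex.startswith("0x") else data_hex
    data = bytes.fromhex(raw)
    name = SELECTORS.get(data[:4].hex())
    if name is None:
        return []
    args, findings = data[4:], []
    try:
        first = "0x" + _word(args, 0)[12:].hex()
        amount_index = 2 if name in OWNER_FIRST else 1
        amount = int.from_bytes(_word(args, amount_index), "big")
    except ValueError:
        return [f"{name}: malformed calldata, reject"]
    if name in OWNER_FIRST and first != caller.lower():
        findings.append(f"{name}: acts on funds of {first}, not the caller")
    if name != "transferFrom" and amount == MAX_UINT256:
        findings.append(f"{name}: unlimited allowance")
    return findings


def _pad(addr):
    """Left-pad a 20-byte hex address to one 32-byte ABI word."""
    return addr[2:].lower().rjust(64, "0")


# Constructed sample data: placeholder addresses, not taken from the incident.
VICTIM, ATTACKER = "0x" + "11" * 20, "0x" + "22" * 20
INJECTED = "0x23b872dd" + _pad(VICTIM) + _pad(ATTACKER) + f"{10**18:064x}"
UNLIMITED = "0x39509351" + _pad(ATTACKER) + f"{MAX_UINT256:064x}"
```

A non-empty result is a reason to refuse the call or prompt the user; an on-chain router would enforce the equivalent rule in the contract itself rather than in off-chain tooling.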