According to the team's social media post on January 16, the Socket protocol was used and $3.3 million was stolen from associated contracts. The team suspended all contracts to prevent further losses.
Socket has experienced a security incident which affected wallets with infinite approvals to Socket contracts.
We have identified the issue & have paused the affected contracts.
We're working on the situation & will keep you informed with regular updates & next steps.
— Socket (@SocketDotTech) January 16, 2024
“Urgent Socket experienced a security incident that affected infinite Socket contract approval wallets,” the post reads. “We have identified the issue and have suspended the affected contracts.”
Socket is an internetworking infrastructure protocol used by many Web3 applications, including Synthetix, Lyra, Kwenta, Superform, Plasma Finance, and Level Finance. Socket claims that more than $3.3 million was lost as a result of the attack. The team suspended contracts to prevent the attacker from draining additional funds.
Blockchain analyst Spreekaway reported the incident from their account X. According to them, the attacker used a token approval from the Ethereum address 0x3a23f943181408eac424116af7b7790c94cb97a5 to implement the exploit. Spreekaway recommended that users revoke all approvals from this address, which they claim appears on Etherscan as “Socket: Gateway.” The socket developers stated that they have suspended contracts and “Users do not need to do ANYTHING.”
Related: Gamma tries to settle with hacker after $3.4 million exploit
Phishing scammers appear to be taking advantage of the chaos to attract new victims. In response to the official Socket report, the fake Socket account posted a link to a malicious app and urged users to revoke their permissions to use another malicious app that was also shared. The fake account contained the misspelled X handle @SocketDctTech instead of the correctly spelled @SocketDocTech. The fake account was removed from X within minutes of being posted.
Dune analytics user Beetle installed a Dashboard to track all attack losses.