Socket, Bungee Restart Operations After Apparent $3.3M Exploit

The platform experienced a security incident late Tuesday that affected wallets with infinite approvals to Socket contracts, developers said.

Jan 17, 2024 at 7:20 a.m. UTC
Updated Mar 8, 2024 at 8:04 p.m. UTC

Interoperability service Socket and its bridging platform Bungee restarted operations early Wednesday after an apparent $3.3 million exploit led to a temporary pause in trading activity.

The incident occurred as attackers targeted wallets with infinite approvals to Socket contracts, developers said. Approvals are authorizations for blockchain-based tools that allow applications to access tokens, or a specific token, in a user’s wallet.

Anonymous security researcher @speekaway was the first to flag the exploits at around 18:20 UTC on Tuesday. A wallet connected to the exploit, believed to be the attackers', holds nearly $3 million in ether (ETH) and $300,000 worth of other tokens.

Socket paused activity as the exploit came to light, preventing the attack from propagating further. Early Wednesday, Socket developers said on X the issue was fixed and activities were restarted. They added that plans for compensation were in the works.

Cross-chain bridges such as Socket’s Bungee allow users to transfer tokens between different blockchains but remain one of the most exploited tools in the market.

Earlier in January, the new year’s first crypto exploit was an $81 million hack of Orbit Chain, a cross-chain bridge that connects Ethereum to other networks. Such attacks remain commonplace due to the complexity of cross-chain tools, key developers say.

“Cross-chain security has multiple levels, which consumers should be aware of when choosing a bridge,” said Sergey Nazarov, co-founder of Chainlink, in a message to CoinDesk. “Like data oracles, there are many bridge variants that don’t provide real security and don’t describe how they work beyond saying the words ‘decentralized’ and ‘secure’.”

“It would be wise for bridge users to ask themselves what they really know about the security of their chosen bridge and where it ranks on the 5 levels of the cross-chain security spectrum,” Nazarov added.

Edited by Parikshit Mishra.




Shaurya Malwa

Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.