Key takeaways:
- A social media statement from the team claimed that Socket had been compromised and that $3.3 million had been taken out of contracts related to it.
- The team announced that the platform was back up and running, and the damage had been completely mitigated.
A social media statement from the team on January 16 claimed that Socket, the cross-chain protocol, had been compromised and that $3.3 million had been taken out of contracts related to it. To avoid further losses, Socket halted all contracts.
The post said that Socket had encountered a security incident that affected wallets that had granted unlimited approvals to Socket contracts. The post added:
“We have identified the issue & have paused the affected contracts.”
Many Web3 applications, including Synthetix, Lyra, Kwenta, Superform, Plasma Finance, and Level Finance, use the Socket cross-chain infrastructure protocol.
Blockchain analyst Spreekaway reported the incident from their X account. They claim that to carry out the hack, the attacker needed a token approval from an Ethereum address ending in 97a5.
Users are advised by Spreekaway to cancel all approvals from this address, which they assert appears on Etherscan as “Socket: Gateway.” Socket stated that users don’t need to take any action because it paused contracts.
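As an added illustration (not part of the original article, and not Socket's or Spreekaway's code), this Python example replays ERC-20 Approval logs to list a wallet's still-live approvals to a spender whose address ends in 97a5 and flags the unlimited ones. All addresses and log entries are constructed; only the 97a5 suffix comes from the article, and the 2**255 cutoff for "unlimited" is an assumption.

```python
# topic0 of ERC-20 Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # assumption: anything this large is effectively unlimited

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def live_approvals(logs):
    """Replay logs in chain order; the last Approval per (token, owner, spender) wins."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares topic0 but has 4 topics
        key = (log["address"].lower(), topic_to_address(topics[1]),
               topic_to_address(topics[2]))
        state[key] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}  # value 0 means revoked

def risky_approvals(logs, owner, spender_suffix):
    """Live approvals from owner to spenders whose address ends in spender_suffix."""
    found = []
    for (token, holder, spender), value in live_approvals(logs).items():
        if holder == owner.lower() and spender.endswith(spender_suffix.lower()):
            found.append({"token": token, "spender": spender, "value": value,
                          "unlimited": value >= UNLIMITED_FLOOR})
    return sorted(found, key=lambda f: f["token"])

# --- constructed sample data (hypothetical addresses, not real accounts) ---
OWNER = "0x" + "11" * 20
SPENDER = "0x" + "00" * 18 + "97a5"   # placeholder ending in 97a5
OTHER = "0x" + "22" * 20
TOKEN_A, TOKEN_B, TOKEN_C = ("0x" + c * 40 for c in "abc")
def make_log(token, owner, spender, value, block):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "blockNumber": block, "logIndex": 0,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}
SAMPLE_LOGS = [
    make_log(TOKEN_A, OWNER, SPENDER, MAX_UINT256, 100),  # unlimited, still live
    make_log(TOKEN_B, OWNER, SPENDER, 5000, 101),
    make_log(TOKEN_C, OWNER, OTHER, MAX_UINT256, 102),    # different spender
    make_log(TOKEN_C, OWNER, SPENDER, 1000, 103),         # finite, still live
    make_log(TOKEN_B, OWNER, SPENDER, 0, 105),            # revoked later
]
if __name__ == "__main__":
    print(risky_approvals(SAMPLE_LOGS, OWNER, "97a5"))
```

Log replay only approximates on-chain state, because spending through `transferFrom` can lower an allowance; the token's `allowance(owner, spender)` view call is authoritative.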
The team announced on X a few hours after the exploit that the platform was back up and running, the impacted contract had been suspended, and the damage had been completely mitigated. They added:
“Watch out for fake Socket accounts in the replies trying to phish you. Always double check the account before taking any action.”
Phishing scammers appear to be using the confusion as a springboard to find new victims. A phony Socket account responded to Socket’s official post by posting a link to malicious software and advising users to remove their permissions using another malicious app that was also supplied.
Instead of using the properly spelled @SocketDocTech, the phony account used the misspelled X handle @SocketDctTech. Minutes after the post, X deleted the phony account.
On January 2, Scam Sniffer tweeted a warning about MetaMask phishing attempts on Twitter. Users are advised to report any such accounts so that swift action can be taken.