Interoperable blockchain network Socket has announced the retrieval of 1,032 Ether tokens worth $2.3 million.
Announcing this development on X (formerly Twitter), the protocol revealed that these digital funds were linked to the January 16 Bungee Bridge exploit, which resulted in the theft of millions of dollars.
FUND RECOVERY UPDATE
We have successfully recovered 1032 ETH from the funds involved in the incident on 16th Jan.
We will release a recovery & distribution plan for users soon.
Big shoutout to everyone who helped us from Seal911, Slowmist, Hexagate, & others:@samczsun…
— Socket (@SocketDotTech) January 23, 2024
The Socket team has affirmed its commitment to releasing a comprehensive recovery and distribution plan for affected users in the near future.
The cyberattack was initially flagged by a user on X, @spreekway, who noted that significant amounts of money had been siphoned off through the Socket/Bungee bridge exploit.
Socket/Bungee approval being exploited rn. several million already gone. attack is ongoing pic.twitter.com/8C25GBPeuo
— Spreek (@spreekaway) January 16, 2024
Providing additional details about the cyberattack, the interoperability protocol explained that it impacted crypto wallets with infinite approvals to its smart contracts.
Meanwhile, blockchain security analytics firm Peckshield documented the incident, estimating the overall loss to be around $3.3 million.
Peckshield also disclosed that the malicious route exploited by the actor was added three days prior, and the Socket protocol has since taken measures to deactivate it.
Delving deeper into the details, the analytics firm noted that the success of the bad actor was largely due to incomplete validation of user input.
Today’s hack on @SocketDotTech results in the loss of >$3.3m.
The bad route exploited in the hack was added 3 days ago and is now disabled. Here are related txs:
– add route tx: https://t.co/lxw7iA1kn4
– disable route tx:https://t.co/QMHfI4YeuUThe hack is due to… https://t.co/QdBBgVF287 pic.twitter.com/yNxF5vCwax
— PeckShield Inc. (@peckshield) January 16, 2024
This vulnerability provided an ideal avenue for the hacker to pilfer funds from users who had previously approved the vulnerable SocketGateway smart contract.
Crypto Losses Still Prevalent
The cryptocurrency space has been a focal point for malicious activities ever since it gained prominence in 2021, with state-backed cybercriminals like the Lazarus Group making off with millions in investor funds.
Tracking crypto losses for 2023, leading bug bounty platform Immunefi reported over $1.8 billion in losses within the nascent industry.
Immunefi also disclosed that hacking incidents had the most significant impact on blockchain-backed protocols. Hackers were able to cart away $1.7 billion across 247 separate incidents. On the other hand, $103.4 million was lost to crypto frauds across 110 specific incidents.
While this figure might seem quite proportionate, the platform revealed that the crypto losses for 2023 were 54.2% less than the approximate $4 billion value hackers and fraudsters carted away in 2022.
The Mixin Network and Euler Finance suffered the highest losses, totaling $397 million, representing 22% of the overall losses in 2023.
The notorious Lazarus Group, backed by the North Korean government, stole a combined $308.6 million throughout the year in five different incidents, targeting Atomic Wallet, CoinsPaid, Alphapo, Stake, and CoinEx.
Meanwhile, the decentralized finance (DeFi) ecosystem was the most impacted as the permissionless digital token marketplace was the subject of 77.3% successful exploits, compared to 22.7% on centralized finance (CeFi) platforms.
Among blockchain networks, the Ethereum and BNB Chain were the most exploited blockchain protocols, with a combined figure of 228 specific incidents targeted at both networks.