Socket says Bungee protocol exploited as funds worth $6 million appear to be stolen


By: The Block, 2024/01/16 21:19

Quick Take: An unknown attacker appears to have drained millions worth of stablecoins and other tokens from the bridging aggregator Bungee.


Interoperability protocol Socket said Tuesday that it had paused affected contracts after reports the Bungee bridging aggregator it develops was affected by an exploit that saw as much as $6 million stolen.

"Socket has experienced a security incident which affected wallets with infinite approvals to Socket contracts. We have identified the issue and have paused the affected contracts," the project's team wrote at 3:15 p.m. ET on Tuesday.

The incident was noticed an hour earlier by an anonymous researcher who goes by Spreek on X.

"Several million already gone," Spreek wrote at 2:19 p.m. ET, pointing at the attacker's address and recommending that users revoke approvals for Socket immediately. Around 2:47 p.m. ET, the attack seems to have stopped, they later posted.

"Think this pause fixed it, very likely no more attacks are possible. So if you are currently freaking out about revoking you can probably relax," Spreek wrote.

More than $6 million received

In a little more than one hour, the reported wallet received over $6 million in USDT, USDC and DAI stablecoins, $123,500 worth of wrapped BTC, $108,600 in wrapped ether and $132,000 of MATIC, according to Etherscan. The wallet has been sending the received funds to Uniswap, 1inch and other decentralized exchanges.

According to PeckShield, the exploit was a result of "incomplete validation of user input, which is exploited to steal funds from users who have approved the vulnerable SocketGateway contract," the researchers wrote on X.

PeckShield confirmed that at least $3.3 million had been affected. 

"The bad route exploited in the hack was added 3 days ago and is now disabled," it wrote in a post on X. 

"The exploiter appeared to be draining assets from users that have over-approved Socket, allowing them to take funds up to the limit of their approval. To stop this, users would have to revoke their approvals," The Block research director Steven Zheng said, referring to the cases in which a user allows a protocol to interact with a wallet containing more funds than is necessary for a transaction.

"For example, if you’re bridging $1,000 in funds but approved the bridge for $2,000, the remaining $1,000 of approvals you didn't use can be drained in this attack," Zheng explained.

Socket said it was continuing to work on the situation and that it would provide regular updates.
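
The over-approval exposure Zheng describes, and the revocation Spreek recommended, as an added example that is not part of the original article or Socket's code: it lists the live allowances a wallet has granted to one spender, shows how much each leaves at risk, and builds the ERC-20 `approve(spender, 0)` calldata that revokes it. The allowance and balance figures are constructed sample data, every address is a placeholder, and the "unlimited" threshold is an assumption.

```python
# Added example: audit ERC-20 allowances held by one spender and build revoke calldata.
APPROVE_SELECTOR = "095ea7b3"   # selector of approve(address,uint256)
UNLIMITED_FLOOR = 2**255        # assumption: anything this large is an "infinite" approval

def revoke_calldata(spender: str) -> str:
    """ABI-encode approve(spender, 0), the call that revokes an allowance."""
    addr = spender.lower()
    if addr.startswith("0x"):
        addr = addr[2:]
    if len(addr) != 40 or any(c not in "0123456789abcdef" for c in addr):
        raise ValueError("spender must be a 20-byte hex address")
    return "0x" + APPROVE_SELECTOR + addr.rjust(64, "0") + "0" * 64

def audit(grants, spender):
    """Return one finding per live allowance granted to `spender`."""
    findings = []
    for g in grants:
        if g["spender"].lower() != spender.lower() or g["allowance"] == 0:
            continue
        findings.append({
            "token": g["token"],
            "unlimited": g["allowance"] >= UNLIMITED_FLOOR,
            # transferFrom is bounded by both the allowance and the balance
            "at_risk": min(g["allowance"], g["balance"]),
            "revoke_to": g["token_address"],
            "revoke_data": revoke_calldata(spender),
        })
    # Unlimited approvals first: their exposure grows with every future deposit.
    return sorted(findings, key=lambda f: not f["unlimited"])

# Constructed sample data; every address is a placeholder, not a real contract.
GATEWAY = "0x" + "11" * 20
OTHER = "0x" + "22" * 20
SAMPLE_GRANTS = [
    # Zheng's case: approved 2,000, bridged 1,000, so 1,000 of allowance remains.
    {"token": "USDC", "token_address": "0x" + "aa" * 20, "spender": GATEWAY,
     "allowance": 1_000 * 10**6, "balance": 5_000 * 10**6},
    {"token": "DAI", "token_address": "0x" + "bb" * 20, "spender": GATEWAY,
     "allowance": 2**256 - 1, "balance": 250 * 10**18},
    {"token": "USDT", "token_address": "0x" + "cc" * 20, "spender": GATEWAY,
     "allowance": 0, "balance": 900 * 10**6},      # already revoked
    {"token": "WBTC", "token_address": "0x" + "dd" * 20, "spender": OTHER,
     "allowance": 2**256 - 1, "balance": 10**8},   # different spender
]

if __name__ == "__main__":
    for f in audit(SAMPLE_GRANTS, GATEWAY):
        print(f["token"], "unlimited" if f["unlimited"] else "limited",
              f["at_risk"], f["revoke_to"], f["revoke_data"])
```

Each `revoke_data` value is sent from the owner's wallet to the token contract in `revoke_to`, not to the spender.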

