Crypto News

Socket Faces Security Breach Resulting In ~$3.3M Loss

Socket, a protocol in the decentralized finance (DeFi) space, recently encountered a security incident that led to a loss of approximately $3.3 million. 

The vulnerability stemmed from a call injection attack on the Socket protocol, specifically impacting wallets with infinite approvals to Socket contracts. As a response, all affected contracts have been swiftly PAUSED to mitigate further damage.

The attack exploited an unsafe call within the performAction function, primarily due to overlooking scenarios where the caller transfers 0 Wrapped Ether (WETH). This oversight allowed the attacker to specify alternative functions in the call while still passing the balance check.

The attacker strategically crafted calldata to invoke the transferfrom function of arbitrary tokens, consequently siphoning tokens previously approved to the contract by other users to the attacker’s address.

$3.3 Million Recorded Stolen Funds

The stolen funds, amounting to around $3.3 million across six assets, include:

– 2.57 million USDC

– 347,000 USDT

– 165,000 MATIC

– 13,800 DAI

– 42 WETH

– 2.8 WBTC

As part of their strategy, the exploiter promptly converted the pilfered stablecoins, totaling 2.92 million, into 1,139 Ether at an average price of $2,564. The converted funds are currently held in the wallet address 0x50DF5a2217588772471B84aDBbe4194A2Ed39066.

This incident underscores the persistent challenges faced by DeFi protocols in maintaining robust security measures. Socket’s prompt action to halt affected contracts demonstrates a commitment to safeguarding user assets and mitigating potential risks within the DeFi ecosystem.

Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any service.

Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news!

Image Source: ismagilov/123RF// Image Effects by Colorcinch

Leave a Comment

Your email address will not be published. Required fields are marked *