Socket says it recovered 1,032 ETH following Bungee exploit last week

Security • January 23, 2024, 5:54AM EST
Partner offers
The Block may may earn a commission if you use our partner offers, at no extra cost to you.

Quick Take

  • Interoperability protocol Socket said Tuesday it has recovered 1,032 ether following an exploit last week.
  • The exploit saw as much as $3.3 million stolen, according to blockchain security firm PeckShield.

Interoperability protocol Socket said Tuesday it had recovered 1,032 ether (worth $2.3 million at current prices) following an exploit on the Bungee bridge protocol it develops.

“We have successfully recovered 1,032 ETH from the funds involved in the incident on 16th Jan,” Socket wrote in an update on X. “We will release a recovery and distribution plan for users soon.”

Last week’s security incident affected wallets with infinite approvals to Socket contracts. The project paused the affected contracts in response, though at least $3.3 million worth of funds were stolen, according to blockchain security firm PeckShield.

The exploit resulted from "incomplete validation of user input, which is exploited to steal funds from users who have approved the vulnerable SocketGateway contract," PeckShield said at the time. “The bad route exploited in the hack was added three days ago and is now disabled," PeckShield added.

"The exploiter appeared to be draining assets from users that have over-approved Socket, allowing them to take funds up to the limit of their approval. To stop this users would have to revoke their approvals," The Block research director Steven Zheng explained. 

"For example, if you’re bridging $1,000 in funds but approved the bridge for $2,000. The remaining $1,000 of approvals you didn't use can be drained in this attack," Zheng said. 


Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.

© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

AUTHOR

James Hunt profile picture James Hunt

James Hunt is a Senior Reporter at The Block and writer of The Daily newsletter, keeping you up to speed on the latest crypto news every weekday. Prior to joining The Block in 2022, James spent four years as a freelance writer in the industry, contributing to both publications and crypto project content. You can get in touch with James on Telegram or 𝕏 via @humanjets or email him at [email protected].

See More
Connect on

Editor

To contact the editor of this story: Adam James at [email protected]

WHO WE ARE

The Block is a news provider that strives to be the first and final word on digital assets news, research, and data.

+ Follow us on Google News
Connect with the block on

More by James Hunt