An unknown exploiter attacked the interoperability protocol Socket on Tuesday afternoon, draining several millions of dollars from multiple wallets.
“We have identified the issue and have paused the affected contracts,” Socket stated in an X post. “We’re working on the situation and will keep you informed with regular updates and next steps.” Socket has urged all users to revoke all transaction approvals to prevent loss of funds.
An on-chain sleuth who goes by the screen name “Spreekaway” identified the exploit on X and warned, “Please be careful when revoking. Use only sites that are trusted, do not trust Twitter links or Google ads.”
example tx pic.twitter.com/jZ6VFyLhYM
— Spreek (@spreekaway) January 16, 2024
Crypto wallet Rainbow, which uses Socket for its bridging feature, wrote in a post on X that the exploit was “industry-wide.”
“To protect users, Rainbow has paused bridging functionality in our mobile app and browser extension,” said the Rainbow team. “The exploit is believed to be contained at this time, but we are actively working with the @SocketDotTech team to mitigate this vulnerability going forward.”
According to blockchain explorer Etherscan, the attacker’s address executed a total of 237 token transfers in a roughly 14-minute span. The exploiter hasn’t transacted in the past two hours. In its last six transactions, the attacker transferred more than $2.9 million in stablecoins USDC and USDT to different addresses.
The exploiter still holds nearly $3.4 million in cryptocurrencies, namely ETH, MATIC, wBTC and wETH, according to data from Web3 portfolio tracker DeBank.
Socket had raised $5 million from Coinbase Ventures and Framework Ventures in Sept. 2023 to enhance communication between blockchains.