Top

Socket's Bungee resumes operations following exploit

Web3 & Enterprise·January 18, 2024, 2:41 AM

Socket, a cross-chain infrastructure protocol, and its interoperability bridging platform, Bungee, have restarted operations following a temporary pause prompted by an exploit that led to the apparent theft of $3.3 million.

https://asset.coinness.com/en/news/73b443a370b79157a0501b9755418a96.webp
Photo by Anna Tarazevich on Pexels

Security incident

Taking to the company’s Discord, Socket team hospitality lead Taylor Melvin clarified that it had “experienced a security incident which affected wallets with infinite approvals to Socket contracts.”

 

The incident, which occurred on Tuesday, involved an unknown attacker draining millions worth of stablecoins and other tokens from the Bungee bridging aggregator. The attackers targeted wallets with infinite approvals to Socket contracts, exploiting authorizations for blockchain-based tools that allow applications to access tokens in a user's wallet.

 

Security researcher "@speekaway" was the first to flag the exploit on Tuesday. The attacker's wallet, connected to the exploit, held nearly $3 million in ether (ETH) and $300,000 worth of other tokens. By 2:47 p.m. ET, the attack seemed to have ceased, with the researcher recommending users to revoke approvals for Socket to safeguard their assets.

 

Pausing contracts

In response to the security breach, Socket announced the pause of affected contracts on Tuesday at 3:15 p.m. ET. The project's team promptly identified and addressed the issue, taking swift action to mitigate the exploit's impact.

 

@speekaway chimed back in once contracts had been paused, writing:


”Think this pause fixed it, very likely no more attacks are possible. So if you are currently freaking out about revoking you can probably relax.”

 

Normal service returns

As Socket paused activity during the incident, preventing further propagation of the attack, developers worked to fix the issue. Early Wednesday, Socket developers announced that the problem had been resolved, and normal activities had resumed. The team also stated that plans for compensation were in progress.

 

Cross-chain bridges, like Socket's Bungee, facilitate token transfers between different blockchains but remain susceptible to exploitation. Blockchain security and data analytics company PeckShield confirmed that at least $3.3 million had been lost, highlighting the need for enhanced security measures in the rapidly evolving blockchain ecosystem.

 

The exploit involved the exploitation of a recently added route, which has since been disabled. The attacker targeted users who had over-approved Socket, draining funds up to the limit of their approval.

 

This incident follows the $81 million hack of Orbit Chain, a cross-chain bridge connecting Ethereum to other networks, earlier in January. Cross-chain tools' complexity contributes to the frequency of such attacks, emphasizing the importance of understanding the security measures in place when utilizing these bridges.

 

In a message to CoinDesk, Sergey Nazarov, co-founder of Chainlink, emphasized the need for users to scrutinize the security of their chosen bridge, considering the various levels of cross-chain security. With the complexities involved, users are encouraged to be vigilant and informed about the security spectrum of the bridges they employ.

 

Socket was founded by Indian duo Rishabh Khurana and Vaibhav Chellani. In September, the company raised $5 million, with funding coming from Framework Ventures and Coinbase Ventures.

 

More to Read
View All
Policy & Regulation·

Mar 26, 2024

Korean banks cooperate with Polish counterparts in digital finance and blockchain

The Korea Federation of Banks (KFB) Chairman Cho Yong-byoung paid a visit to Poland yesterday to sign a memorandum of understanding (MOU) on financial cooperation between South Korea and Poland, Korean news media The Korea Economic Daily reported. The MOU was signed by Chairman Cho and the Polish Bank Association (ZBP) President, Tadeusz Białek. The partnership aims to strengthen bilateral financial collaboration, which will be backed by holding joint financial conferences, sharing information on financial regulations and training financial experts. Photo by Lukasz Radziejewski on UnsplashJoint seminar on digital finance, blockchain and AI Following the MOU signing ceremony, the two associations conducted a joint seminar on digital finance, economy and the banking industry. The event was attended by Korea's Financial Services Commission (FSC) Chairperson Kim Joo-hyun, representatives of KFB members, President Białek and executives of Polish banks.  Among the mainly discussed topics were Korea's digital financial landscape and its digital banking industry, along with the Polish economy and its banking industry. In particular, the participants focused on innovative changes in the financial industry brought by cutting-edge technology such as blockchain, AI and big data.  During the conference, Chairman Cho expressed his commitment to bolstering the bilateral partnership, stating that the Korean banking industry will support local companies in expanding their businesses in Poland.  

news
Policy & Regulation·

Oct 18, 2023

Israel Doubles Down on Blocking Crypto Funding of Hamas

Israel Doubles Down on Blocking Crypto Funding of HamasIn a move to disrupt the flow of funds to Hamas, Israeli authorities have ordered the closure of over 100 cryptocurrency accounts on Binance, the world’s largest crypto exchange.Photo by Leonid Altman on PexelsHeightened monitoring of crypto-related financingIsraeli authorities were already monitoring crypto accounts suspected of terrorism financing before the recent attack by the Palestinian militant group Hamas. Since then, they have requested information about hundreds of accounts on Binance, suggesting that the scale of their actions has grown significantly since October 7.A statement from Israeli police last week outlined that they had frozen crypto accounts related to financing of Hamas. According to a report on Tuesday by the Financial Times (FT), the Israeli authorities have taken matters further still, having closed more than one hundred accounts on Binance.Scrutinizing 200 additional accountsSources cited by the FT as being close to the situation have revealed that these actions were initiated in response to Hamas’s assault on October 7. Authorities have also sought information on approximately 200 additional crypto accounts, with most of them being held on Binance. While Binance has acknowledged blocking a “small number” of accounts since the summer, it emphasized its adherence to internationally recognized sanctions rules and declined to provide further comment.Governments and regulators have long expressed concerns that terrorist organizations might exploit lightly regulated crypto markets for financial transactions. However, the recent attacks on Israel and the subsequent crypto-based fundraising campaigns by Hamas have made these concerns more pressing.Tom Alexandrovich, the Executive Director at the Israel National Cyber Directorate, stated that cryptocurrency has become a major tool for terror financing during these times of conflict. He noted that the amount of crypto funds involved has significantly increased since the start of the attack.Tether freezes accountsTether, the issuer of leading US dollar stablecoin USDT, announced on Monday that it had frozen 32 addresses containing more than $873,000 due to their alleged links to “terrorism and warfare” in Israel and Ukraine. The exact timing of when these accounts were blocked and the distribution of assets between Israel and Ukraine were not disclosed.Notably, US financial regulators previously alleged that money held on Binance had ties to Hamas. A lawsuit by the Commodity Futures Trading Commission (CFTC) in the United States in March claimed that senior Binance executives had knowledge of “Hamas transactions” in 2019. Binance has refuted these allegations and expressed its intent to contest the lawsuit.Commentators within the crypto space fear that opponents of the development of crypto, like US Senator Elizabeth Warren, will try to capitalize on this issue by using the opportunity to further draconian regulation.Over the past two years, Israeli authorities have seized millions of shekels from crypto accounts with suspected ties to Hamas and other militant groups in the Middle East. A recent analysis by Elliptic found that crypto wallets associated with various suspicious Middle East groups have interacted and relied on the same crypto exchange services to convert crypto into sovereign currencies.

news
Policy & Regulation·

Sep 21, 2023

Mt. Gox Extends Repayment Deadline to 2024

Mt. Gox Extends Repayment Deadline to 2024In a development that has captured the attention of the cryptocurrency community, failed Japanese crypto exchange Mt. Gox has officially announced a one-year extension of its repayment deadline.The decision, authorized by the Tokyo District Court, represents a one-year delay from the previously stipulated date of October 31, 2023.Photo by Andre Benz on UnsplashInfamous collapseAt its height, Mt. Gox was the world’s largest cryptocurrency exchange, facilitating over 70% of all cryptocurrency trades. However, its fall from grace began in 2014 when it fell victim to a colossal hack, resulting in the loss of 850,000 Bitcoins. The collapse left approximately 24,000 creditors in its wake, each of them agonizing over a multi-year period for the return of their digital assets.In a letter dated September 21, Rehabilitation Trustee Nobuaki Kobayashi announced the extension of the repayment deadline. This extension applies to the base repayment, early lump-sum repayment, and intermediate repayment, all of which have been rescheduled to October 31, 2024.The rationale behind this delay is twofold. Firstly, to provide creditors with additional time to furnish essential information required for the repayment process. Secondly, it will allow the trustee to coordinate with associated banks, fund transfer service providers, and cryptocurrency exchanges to facilitate the repayments.Potential payout for diligent creditorsA glimmer of hope exists for creditors who have diligently provided the necessary information. Repayments may commence sequentially as early as the close of this year. That said, it should be noted that the specific timing of repayments for each creditor remains uncertain.Kobayashi emphasized that the schedule is subject to change depending on circumstances, and further adjustments are possible. The Mt. Gox Debtor has encouraged creditors who have as yet not provided required information to facilitate payments to do so.Naturally enough, long suffering creditors are frustrated by this latest update. Taking to X (formerly Twitter), one user named “Mt.Gox’ed” wrote: “People will not get their Mt.Gox money back.” . . . “I’ve been tweeting for a long time that infinite delays are coming.”The move evoked a similar response from distressed debt specialist Thomas Braziel, who wrote: “Another delay from the MtGox trustee’s office — COME ON!”Mt. Gox’s journey towards rehabilitation has been arduous and protracted since its declaration of insolvency in 2014. Legal battles, extensive delays, and the need for meticulous coordination have all contributed to this postponement. Nonetheless, creditors are holding onto the hope that, with this extension, the path to recovering their lost assets will become smoother.Crypto market impactThis latest news has drawn considerable attention within the broader crypto sector as it may have implications for the market as a whole. The repayment delay holds the potential to impact Bitcoin prices, given the sheer volume of tokens that will be released when repayments begin. The Mt. Gox estate holds 142,000 BTC, 143,000 BCH, and 69 billion JPY.As per UBS analysts, while this influx of funds could influence the market, it is unlikely to destabilize Bitcoin. Notably, the recovery of approximately 20% of the stolen tokens after the hack reflects a positive step in the ongoing rehabilitation process.

news
Loading