Interoperability service Socket and its bridging platform Bungee restarted operations early Wednesday after an apparent $3.3 million exploit led to a temporary pause in trading activity.
The incident occurred as attackers targeted wallets with infinite approvals to Socket contracts, developers said. Approvals are authorizations for blockchain-based tools that allow applications to access tokens, or a specific token, in a user’s wallet.
Anonymous security research @speekaway was the first to flag the exploits at around 18:20 UTC on Tuesday. A wallet connected to the exploit believed to be the attackers’ holds nearly $3 million in ether (ETH) and $300,000 worth of other tokens.
Socket paused activity as the exploit came to light, preventing the attack from propagating further. Early Wednesday, Socket developers said on X the issue was fixed and activities were restarted. They added that plans for compensation were in the works.
Cross-chain bridges such as Socket’s Bungee allow users to transfer tokens between different blockchains but remain one of the most exploited tools in the market.
Earlier in January, the new year’s first crypto exploit became an $81 million hack of Orbit Chain, a cross-chain bridge that connects Ethereum to other networks. Such attacks continue to remain commonplace due to the complexity of cross-chain tools, key developers say.
“Cross-chain security has multiple levels, which consumers should be aware of when choosing a bridge,” said Sergey Nazarov, co-founder of Chainlink, in a message to CoinDesk. “Like data oracles, there are many bridge variants that don’t provide real security and don’t describe how they work beyond saying the words ‘decentralized’ and ‘secure’.”
“It would be wise for bridge users to ask themselves what they really know about the security of their chosen bridge and where it ranks on the 5 levels of the cross-chain security spectrum,” Nazarov added.