An attacker drained funds from users that had previously made infinite approvals to a Socket contract.
Cross-chain protocol Socket has been exploited, and $3.3 million has been drained from contracts associated with it, according to a Jan. 16 social media post from the team. The team has paused all contracts to prevent further losses.
“Urgent Socket has experienced a security incident which affected wallets with infinite approvals to Socket contracts” the post stated. “We have identified the issue & have paused the affected contracts.”
Socket is a cross-chain infrastructure protocol used by many Web3 apps, including Synthetix, Lyra, Kwenta, Superform, Plasma Finance, and Level Finance. Socket claims that more than $3.3 million has been lost in the attack. The team has paused contracts, preventing the attacker from draining more funds.
