Socket bridge victims will be made whole

The Socket Tech team negotiated the return of stolen ETH from hacker

January 26, 2024 11:14 am

helen_g/Shutterstock modified by Blockworks

Socket Tech, a blockchain interoperability protocol, has announced a compensation plan for those affected by the Jan. 16 security incident that occurred on their network.

The exploit was more limited in scope than originally thought — affecting only 232 users — but those affected lost about $3.3 million in assets.

The team announced in a Thursday blog post that “a series of negotiations” with the hacker resulted in the recovery of 1032 ether (ETH) — about $2.3 million at current prices. ETH itself is down about 11% since the time of the incident, alongside the broader crypto market.

Socket is making up the difference in USD terms, distributing $1.1 million to affected wallets. Users will have to sign an on-chain message to prove wallet ownership, but importantly — given the nature of the original exploit — recipients do not need to grant any approvals to claim reimbursement.

Newsletter

Subscribe to The Breakdown

Loading Tweet..

The original exploit targeted a subset of users who had granted unlimited approvals to tokens in their wallets — a common, if misguided, phenomenon in DeFi.

Read more: $80M lost in first hack of 2024

The concern was heightened by the fact that many users were unaware they were utilizing Socket Protocol in the first place. This protocol is commonly used behind the scenes to bridge the Ethereum network with over a dozen other blockchains that utilize EVM (Ethereum Virtual Machine) infrastructure.

In its post-mortem on the incident, Socket noted that since they “default to finite approvals within Socket API, Socket Plugin [and] bungee.exchange, the damage was limited.”

Multiple security researchers collaborated on the recovery, including Seal911, Slowmist, and Hexagate.

The official link to claim, according to the post, is recovery.socket.tech.

Nefarious parties will likely seek to exploit naive users, prompting Socket to conclude with a warning:

“We expect scammers to send out fake phishing links. Refrain from clicking on any 3rd party links.”

Get the news in your inbox. Explore Blockworks newsletters:

The Breakdown: Decoding crypto and the markets. Daily.
0xResearch: Alpha in your inbox. Think like an analyst.

Tags

Newsletter

The Breakdown

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Digital Asset Summit 2026

Javits Center North | 445 11th Ave

Tues - Thurs, March 24 - 26, 2026

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy tickets learn more

recent research

Research

Solana DEX Winners: All About Order Flow

Solana's spot trading landscape will remain bifurcated: prop AMMs will own the short-tail of highly liquid pairs, while passive AMMs continue drifting toward the long-tail. Both can win via vertical integration, but in opposite directions: passive AMMs are moving closer to users through token issuance platforms (e.g., Pump-PumpSwap, MetaDAO-Futarchy AMM), while prop AMMs are moving down the stack into transaction landing services and infrastructure (e.g., HumidiFi-Nozomi). The venues most at risk are legacy AMMs with limited end-user control and no durable, launch-driven source of order flow.

by Carlos Gonzalez Campo