Socket Tech security breach affects multiple dapps and wallets

The bridging protocol is integrated into other services, but only for users granting unlimited approval

article-image

Blockworks

share

Cross-chain infrastructure protocol Socket.Tech suffered an exploit on Jan. 16, affecting various Web3 apps.

The attack targeted the Bungee Exchange, a frontend to the Socket Protocol which bridges between Ethereum and 12 EVM chains, resulting in a loss of about $3.3 million.

A hacker exploited a vulnerability in the SocketGateway part of the system, which allowed them to take money from users who had given permission to that component, without the users’ knowledge or consent.

Blockchain security firm PeckShield first reported the theft at 2:26 pm ET, which was then confirmed by Socket Tech about 30 minutes later.

Read more: ‘Wallet drainer’ code added to Ledger library has crypto on edge

Only a subset of users who interacted with a vulnerable bridging route added to the protocol in recent days and granted the gateway access to an unlimited amount of tokens were affected — about 200 victims based on a dashboard created on Dune Analytics.

The worst hit wallet saw $656,000 USDC drained to the attacker’s wallet, which then swapped all stablecoins into ether, an asset that cannot be frozen.

The attacker, whose wallet was funded from privacy-preserving exchange FixedFloat, essentially found a weak spot in how the system checked and processed user data, using this to illicitly access and transfer funds.

The route was subsequently disabled to prevent further exploitation, and service to the protocol was restored after about 6 hours.

Loading Tweet..

In addition to Bungee, Socket’s bridging protocol is employed by third-party dapps such as wallets from Rainbow and Zeal, however both these prevented downstream effects by only invoking approvals for specific asset values in a transfer — which is considered best practice.

Loading Tweet..

Rainbow wallet recommended users revoke permissions using the Revoke Cash tool, out of an abundance of caution.

The Socket team has promised a full post-mortem analysis, and said its other “top priorities” are “doing right by our users” and “recovery of funds.”

“We are deeply sorry for the turbulence caused,” they said.

Updated Jan. 26 at 6:35 am ET: The estimated tally of victims was revised lower after publication, closer to 200 than 700 as initially reported.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Javits Center North | 445 11th Ave

Tues - Thurs, March 24 - 26, 2026

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Unlocked by Template.png

Research

The march toward an interoperable and onchain-by-default internet depends on reliable messaging and value transfer across heterogeneous domains. Crosschain protocols now process >$1.3T in combined annual transfer volume and secure tens of millions of user interactions, yet no single design dominates.

article-image

The goal, per Santiago Santos, is to make crypto a relatable piece of tech for people who may not even understand it

article-image

Stripe stablecoin unit aims to operate under a federal charter enabling regulated stablecoin issuance and custody services

by Blockworks /
article-image

Will TradFi make crypto better or create more problems than it solves?

article-image

Subtle decisions by risk curators saved Aave from significant turmoil

article-image

The new Rootstock Institutional unit aims to connect professional investors to Bitcoin-native yield and liquidity strategies anchored in BTC’s security layer

by Blockworks /
article-image

DOJ files record civil forfeiture against more than 127,000 BTC linked to scam activity

by Blockworks /