SOCKET 2024 Gateway approval exploit
An attacker used an incomplete input-validation path in the Socket Gateway contract to drain assets from Ethereum wallets that had granted approvals to the affected route. SOCKET paused the contracts, removed the route, restored service, and later reported recovering 1,032 ETH.
Incident facts
- Incident title: SOCKET 2024 Gateway approval exploit
- Bridge: SOCKET Protocol
- Incident date: 2024-01-16
- Incident type: Exploit
- Major incident: Yes
- Affected chains: Ethereum
- Affected assets: USDC, USDT, Unknown
- Attack category: Cross Chain Contract Exploit
- Reported loss: Approximately $3.3 million
- Recovery: Partial Recovery
- Reimbursement: Announced
- Restart: Reopened
- Current outcome: Active After Incident
- Resolution: Unresolved
- Last reviewed: 2026-06-15
- Last verified: 2026-06-15
Timeline events
SOCKET paused affected contracts after approval exploit · 2024-01-16
SOCKET reported an incident affecting wallets with approvals to the vulnerable route and paused the affected contracts while investigating and removing the route.
SOCKET restored service after removing the vulnerable route · 2024-01-17
SOCKET said the affected route had been disabled and normal bridging activity was restored after the incident response.
SOCKET reported recovery of 1,032 ETH · 2024-01-23
SOCKET reported recovering 1,032 ETH connected to the January 16 incident and said a recovery and distribution plan would follow.
Evidence records
- SOCKET acknowledged the January 16 incident · SOCKET · Tier 1 · 2024-01-16
- SOCKET incident-response update · SOCKET · Tier 1 · 2024-01-17
- Socket Tech Incident Analysis · CertiK · Tier 2 · 2024-01-16
- Socket recovered 1,032 ETH following bridge protocol exploit · crypto.news · Tier 2 · 2024-01-23
Known unknowns
- The final fiat value distributed to affected users and completion date require later review.