Socket announced it has paused the affected contracts and urged users to revoke all transaction approvals for protection.

An unknown exploiter attacked the interoperability protocol Socket on Tuesday afternoon, draining several millions of dollars from multiple wallets. 

“We have identified the issue and have paused the affected contracts,” Socket kusho in an X post. “We’re working on the situation and will keep you informed with regular updates and next steps.” Socket has urged all users to revoke all transaction approvals to prevent loss of funds. 

An on-chain sleuth who goes by the screen name “Spreekaway” identified the exploit on X and waxwayiswa, “Please be careful when revoking. Use only sites that are trusted, do not trust Twitter links or Google ads.”

example tx pic.twitter.com/jZ6VFyLhYM

- I-Spreek (@spreekaway) January 16, 2024

Crypto wallet Rainbow, which uses Socket for its bridging feature, wrote in a post on X that the exploit was “industry-wide.” 

“To protect users, Rainbow has paused bridging functionality in our mobile app and browser extension,” wathi the Rainbow team. “The exploit is believed to be contained at this time, but we are actively working with the @SocketDotTech team to mitigate this vulnerability going forward.”

According to blockchain explorer Etherscan, the attacker’s address ebulawa a total of 237 token transfers in a roughly 14-minute span. The exploiter hasn’t transacted in the past two hours. In its last six transactions, the attacker transferred more than $2.9 million in stablecoins USDC and USDT to different addresses.

The exploiter still holds nearly $3.4 million in cryptocurrencies, namely ETH, MATIC, wBTC and wETH, according to idatha from Web3 portfolio tracker DeBank. 

Socket had wakhuliswa $5 million from Coinbase Ventures and Framework Ventures in Sept. 2023 to enhance communication between blockchains.