TechFlow reports that cross-chain protocol Socket has announced its Bungee bridge aggregator was attacked, resulting in up to $3.3 million stolen. The team confirmed and paused the affected contracts at 3:15 PM ET on Tuesday. An anonymous researcher named Spreek noticed the incident one hour earlier on X, identifying the attacker's address and advising users to immediately revoke approvals for Socket. The attack appears to have stopped at 2:47 PM ET.
According to PeckShield, the attack occurred due to incomplete validation of user inputs, allowing the attacker to steal funds from an approved vulnerable SocketGateway contract. The affected amount is at least $3.3 million. Socket stated it is actively handling the situation and will provide regular updates.




