A data-validation vulnerability that cost 3.3 million US dollars: the Socket attack from beginning to end

Source: CertiK Chinese Community

On January 16, 2024, Socket Tech was attacked and lost about 3.3 million US dollars. The attacker exploited a vulnerability in the data-validation step of a Socket contract and, through malicious data input, stole funds from users who had granted approvals to the contract. The attack caused losses to 230 addresses; the largest single-address loss was about 656,000 US dollars.

Background

Socket is an interoperability protocol for secure and efficient cross-chain transfer of data and assets. The Socket Gateway contract is the entry point for all interaction with the Socket liquidity layer: every asset bridge and DEX is aggregated behind a single meta-bridge interface, and the best route is selected according to user preferences such as cost, latency or security.

Three days before the hack, the Socket contract administrator executed addRoute and added a new route to the system. The purpose of adding the route was to extend the functionality of the Socket Gateway, but it unintentionally introduced a critical vulnerability.

The following figure is the record of the contract administrator adding the route:

Overview

1. At 15:03 Beijing time on January 16, the attacker's wallet received the funds used for the attack. Our timing analysis shows that the funds came from 0xe620, which is linked to 10 BNB withdrawn from Tornado Cash.

2. These funds were used to create and execute two contracts that exploited the Socket vulnerability. The first contract targeted USDC held by users who had approved the SocketGateway address (see the screenshot below); 127 victims lost about $2.5 million.

3. The second contract then targeted WETH, USDT, WBTC, DAI and MATIC in the victims' addresses. Another 104 victims lost roughly the following assets:

- 42.48 WETH

- 347,005.65 USDT

- 2.89 WBTC

- 13,821.01 DAI

- 165,356.99 MATIC

4. The attacker converted the USDC and USDT into ETH.

Vulnerability

The vulnerability exploited by the attacker lies in the newly added route at routeAddress.

The intended role of the performAction function at this address is to assist with wrapping and unwrapping.

However, the function has a critical flaw: without any validation, it passes externally supplied data (swapExtraData) directly to .call(), which means an attacker can execute any malicious function.

In this incident, the attacker crafted a malicious swapExtraData input that triggered the transferFrom function. The malicious call exploited the approvals users had granted to the SocketGateway contract and stole funds from them.

The contract does compare balances before and after the call to ensure that the balance changes as expected, but the function does not account for an attacker setting amount to 0: with amount 0, a zero change in balance satisfies the check.

Reconstruction of the attack process

1. The attack contract calls 0x00000196() on the Socket Gateway contract.

2. fallback() uses the function selector (route ID 196) to dispatch the call to the vulnerable routeAddress.

3. The screenshot below shows the forged input used by the attacker; the swap amounts are all 0.

4. Next, WrappedTokenSwapperImpl.performAction() is called to perform the swap.

5. Without any validation, the forged swapExtraData is accepted and executed through a call to fromToken (WETH).

6. The attacker repeats the above process until the victims' assets are exhausted. After the malicious transactions appeared, Socket quickly called disableRoute to block the vulnerable route, preventing a wider attack.

7. On January 23, Socket announced that it had recovered 1,032 ETH, and on January 25 it announced that it would compensate all losses. The incident has been resolved.
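The mechanics described in the vulnerability section and in steps 3 to 5 above, as an added example for this write-up (it is not Socket's contract code): a minimal ERC-20 with allowances, a route with the same shape as the flawed performAction (pull amount from the caller, forward the caller's bytes to the caller's token with the gateway as msg.sender, then compare the gateway's balance delta with amount), and a hardened variant that rejects amount == 0 and forwards only deposit() or withdraw(amount) to WETH. The gateway's selector-to-route dispatch and toToken bookkeeping are omitted, and the addresses GATEWAY, VICTIM, ATTACKER and WETH, the 2.5M USDC balance and the unlimited approval are constructed for the scenario.

```python
"""Model of the flawed route. Added example for this write-up, not Socket's
code: the token model, route shapes and addresses below are simplifications."""

UINT256_MAX = 2**256 - 1
# Standard 4-byte selectors (first 4 bytes of keccak256 of the signature).
SEL_TRANSFER_FROM = bytes.fromhex("23b872dd")  # transferFrom(address,address,uint256)
SEL_DEPOSIT = bytes.fromhex("d0e30db0")        # deposit()          (WETH wrap)
SEL_WITHDRAW = bytes.fromhex("2e1a7d4d")       # withdraw(uint256)  (WETH unwrap)
# Assumed addresses, lowercase hex so they round-trip through the ABI words below.
GATEWAY = "0x" + "11" * 20   # the contract that holds the victims' approvals
VICTIM = "0x" + "22" * 20
ATTACKER = "0x" + "33" * 20
WETH = "0x" + "ee" * 20

def word(value):
    """One 32-byte ABI word: uint256 from int, left-padded address from 0x-hex."""
    if isinstance(value, int):
        return value.to_bytes(32, "big")
    return bytes.fromhex(value[2:]).rjust(32, b"\0")

def encode_transfer_from(src, dst, amount):
    """What an attacker packs into swapExtraData: transferFrom(src, dst, amount)."""
    return SEL_TRANSFER_FROM + word(src) + word(dst) + word(amount)

class Token:
    """Minimal ERC-20 with a raw call() dispatcher, so a route can forward
    arbitrary bytes to it the way fromToken.call(swapExtraData) does."""

    def __init__(self, address, balances):
        self.address, self.balances = address, dict(balances)
        self.allowance = {}  # (owner, spender) -> amount

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer_from(self, caller, src, dst, amount):
        """`caller` is msg.sender and spends src's allowance to it."""
        allowed = self.allowance.get((src, caller), 0)
        if allowed < amount or self.balance_of(src) < amount:
            raise ValueError("ERC20: insufficient allowance or balance")
        if allowed != UINT256_MAX:  # "unlimited" approvals are never decremented
            self.allowance[(src, caller)] = allowed - amount
        self.balances[src] = self.balance_of(src) - amount
        self.balances[dst] = self.balance_of(dst) + amount

    def call(self, caller, data):
        """Low-level call: the selector picks the function, `caller` is msg.sender."""
        sel, args = data[:4], data[4:]
        if sel == SEL_TRANSFER_FROM and len(args) == 96:
            src, dst = "0x" + args[12:32].hex(), "0x" + args[44:64].hex()
            self.transfer_from(caller, src, dst, int.from_bytes(args[64:96], "big"))
            return True
        return False  # any other selector reverts; this toy token cannot wrap/unwrap

def vulnerable_perform_action(from_token, sender, amount, swap_extra_data):
    """Shape of the flawed route: pull `amount` from the caller, forward the
    caller's bytes to the caller's token with the gateway as msg.sender, then
    accept if the gateway's balance moved by exactly `amount`. With amount == 0
    and a transferFrom(victim, attacker, x) payload the delta is 0, and 0 == 0."""
    before = from_token.balance_of(GATEWAY)
    from_token.transfer_from(GATEWAY, sender, GATEWAY, amount)  # amount 0 succeeds
    if not from_token.call(GATEWAY, swap_extra_data):  # unchecked external call
        raise ValueError("swap call failed")
    delta = from_token.balance_of(GATEWAY) - before
    if delta != amount:
        raise ValueError("balance check failed")
    return delta

def validate_swap_extra_data(from_token, amount, data):
    """Hardened check: the route exists only to wrap/unwrap WETH, so the target
    must be WETH, amount must be non-zero, and the forwarded bytes must be
    exactly deposit() or withdraw(amount). Returns the accepted selector."""
    if amount == 0:
        raise ValueError("amount must be non-zero")
    if from_token.address != WETH:
        raise ValueError("route only targets the wrapped native token")
    sel, args = data[:4], data[4:]
    if sel == SEL_DEPOSIT and len(args) == 0:
        return sel
    if sel == SEL_WITHDRAW and len(args) == 32 and int.from_bytes(args, "big") == amount:
        return sel
    raise ValueError("swapExtraData is not an allowed wrap/unwrap call")

def hardened_perform_action(from_token, sender, amount, swap_extra_data):
    """Same flow as the flawed route, reached only after the input is validated."""
    validate_swap_extra_data(from_token, amount, swap_extra_data)
    return vulnerable_perform_action(from_token, sender, amount, swap_extra_data)

def run_attack(hardened):
    """Constructed scenario: the victim holds 2.5M USDC (6 decimals) and gave the
    gateway an unlimited approval; the attacker sends amount = 0 plus a
    transferFrom payload. Returns (victim balance, attacker balance) afterwards."""
    usdc = Token("0x" + "aa" * 20, {VICTIM: 2_500_000 * 10**6})
    usdc.allowance[(VICTIM, GATEWAY)] = UINT256_MAX  # approve(gateway, max)
    payload = encode_transfer_from(VICTIM, ATTACKER, usdc.balance_of(VICTIM))
    route = hardened_perform_action if hardened else vulnerable_perform_action
    try:
        route(usdc, ATTACKER, 0, payload)
    except ValueError:
        pass  # the hardened route reverts here; the flawed one does not
    return usdc.balance_of(VICTIM), usdc.balance_of(ATTACKER)

if __name__ == "__main__":
    print("vulnerable route:", run_attack(hardened=False))
    print("hardened route:  ", run_attack(hardened=True))
```

Running the module prints the victim's and attacker's balances after each variant: the flawed route lets the whole 2.5M USDC move to the attacker while its own balance check passes, because the gateway's balance delta (0) equals the supplied amount (0). The hardened variant fails closed on three independent grounds (zero amount, non-WETH target, disallowed selector); a balance-delta check alone is not a substitute for constraining what an arbitrary .call() may do.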

Event summary

Attacks via malicious calldata are not uncommon in routing contracts that hold unlimited user approvals.

Similar past attacks include Dexible and Hector Bridge.

On February 17, 2023, the decentralized exchange Dexible was attacked and lost more than 1.5 million US dollars. The exploit passed malicious calldata to Dexible's fill() function to steal user assets.

On June 2, 2023, the Hector Network protocol was attacked. The attacker deployed a fake USDC contract and passed malicious calldata that transferred 652,000 real USDC out of the victim contract.

Blockchain aggregation platforms typically chain together a series of bridge and routing contracts to improve liquidity and reduce losses. This complex layering, however, brings more security problems.
