Skip to main content
Sign in

Socket Protocol

avoid.net/socket-protocol58/100·82% conf.
[VERIFIED]
anchored·33vHoH…6ajC

Summary

Socket Protocol (also marketed as Bungee Exchange) is a cross-chain interoperability and liquidity-routing protocol founded in 2021 by Vaibhav Chellani and Rishabh Khurana. On January 16, 2024, a newly deployed route module containing an unvalidated calldata vulnerability was exploited, draining approximately $3.3 million from approximately 230 wallets that had granted infinite token approvals to the SocketGateway contract. In an unusual outcome for a DeFi exploit, Socket negotiated the return of 1,032 ETH (~$2.3 million) from the attacker and covered the remaining ~$1.1 million shortfall itself, making all affected users whole.

Have evidence about Socket Protocol?

Timeline(10 events)

2021-01-01

Socket Protocol founded by Vaibhav Chellani and Rishabh Khurana, building on prior Biconomy infrastructure experience.

CoinDesk

2022-03-01

Socket closes $5 million seed round led by Framework Ventures.

CoinDesk

2023-09-06

Socket raises $5 million strategic round co-led by Coinbase Ventures and Framework Ventures to expand interoperability with Coinbase Wallet and Base.

CoinDesk

2024-01-13

Admin transaction adds the vulnerable WrappedTokenSwapperImpl route to the SocketGateway contract — three days before the exploit.

CertiK Incident Analysis

2024-01-16

Attacker exploits unvalidated calldata in the new route module at 19:03 UTC, draining approximately $3.3 million from ~230 wallets with infinite approvals to SocketGateway in two transactions.

CertiK Incident Analysis / The Block

2024-01-16

Socket team disables the vulnerable route and pauses contracts within approximately 14 minutes of the exploit.

Halborn

2024-01-16

Socket admin wallet sends on-chain message to the attacker initiating bounty negotiation and requesting return of funds within 12 hours.

CryptoBriefing

2024-01-17

Socket and Bungee Exchange resume normal operations after patching the vulnerable module.

CoinDesk

2024-01-23

Socket announces recovery of 1,032 ETH (~$2.3M) from the attacker following negotiations, and commits to covering the remaining ~$1.1M shortfall to make all 232 affected users whole.

The Block / CoinTelegraph

2024-01-23

Compensation portal launched at recovery.socket.tech; affected users can claim reimbursement by signing an on-chain message without granting new approvals.

Blockworks
Provenance & Audit Trail

Decision Log

This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

model: claude-sonnet-4-6

generated: 5/31/2026, 6:59:58 AM

last updated: 6/8/2026, 11:31:35 PM

avoid.net — verified advice for a post-truth world