Verify a decision

{"actor":"system:backfill","investigation_id":"09053226-33df-4c47-9a09-055aa638373a","kind":"publish","page_slug":"bungee","published_at":"2026-05-28T08:15:57.394Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Bungee","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://docs.bungee.exchange/overview/what-is-bungee","type":"other","url":""},{"credibility":3,"name":"https://theorg.com/org/socket-tech/org-chart/vaibhav-chellani","type":"other","url":""},{"credibility":3,"name":"https://www.crunchbase.com/person/vaibhav-chellani-b154","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2024/01/17/socket-bungee-restart-operations-after-apparent-33m-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/272986/socket-says-bungee-protocol-exploited","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/?id=socket-service-and-its-bungee-bridge-suffer-3-3-million-theft","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/socket-tech-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://revoke.cash/exploits/socket","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.fxstreet.com/cryptocurrencies/news/breaking-bungee-exchange-and-socketdottech-likely-exploited-users-asked-to-revoke-address-202401161936","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/tech/2024/01/17/socket-bungee-restart-operations-after-apparent-33m-exploit","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coinlive.com/news-flash/425843","type":"other","url":""},{"credibility":3,"name":"https://blockworks.co/news/defi-exploit-socket-compensation-plan","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/273964/socket-ether-recovery-bungee-exploit","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.certik.com/resources/blog/socket-tech-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://revoke.cash/exploits/socket","type":"other","url":""},{"credibility":3,"name":"https://rivanorth.com/blog/hack-explained-socket","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://beincrypto.com/multi-chain-crypto-wallet-drain-phishing-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://status.bungee.exchange/","type":"other","url":""},{"credibility":3,"name":"https://www.bungee.exchange/","type":"other","url":""}]}],"sources_used":[],"summary":"Bungee Exchange is a cross-chain bridge aggregator and liquidity routing protocol developed by Socket (formerly SocketDotTech), founded in 2021 by Vaibhav Chellani and Rishabh Khurana. On January 16, 2024, the underlying Socket infrastructure was exploited via an inadequately validated smart contract route, resulting in approximately $3.3 million stolen from roughly 700 wallets with infinite token approvals. The protocol recovered approximately $2.23 million of the stolen funds one week later and resumed operations; it remains active as of 2026.","timeline":[{"date":"2021-01-01","event":"Socket Protocol founded by Vaibhav Chellani and Rishabh Khurana, previously from Biconomy.","source":""},{"date":"2022-01-01","event":"Socket raises seed/pre-seed funding from Coinbase Ventures, Lightspeed Venture Partners, Framework Ventures, Nascent, and others, reportedly totalling $5–12 million across rounds.","source":""},{"date":"2024-01-13","event":"Socket admin deploys a new bridging route to the SocketGateway contract containing an unvalidated .call() vulnerability.","source":""},{"date":"2024-01-16","event":"Exploit executed: attacker drains approximately $3.3 million from ~700 wallets with infinite token approvals to SocketGateway. @speekaway first flags attack at 18:20 UTC; PeckShield reports at 14:26 ET; Socket confirms and pauses contracts.","source":""},{"date":"2024-01-17","event":"Socket and Bungee restart bridging operations after patching the vulnerable route. Compensation plan for victims announced.","source":""},{"date":"2024-01-23","event":"Socket announces recovery of 1,032 ETH (~$2.23 million) of stolen funds; victim claim process initiated via on-chain message signing.","source":""},{"date":"2024-01-01","event":"CertiK publishes post-incident technical analysis confirming incomplete input validation as root cause.","source":""},{"date":"2026-04-27","event":"Bungee Exchange reports all services fully operational per its public status page.","source":""}]},"v":1}