The Socket security team discovered a malicious npm package, where attackers attempted to steal 85% of wallet balances.

This Week's Newsletter - Deep Dive on Chain Abstraction through Particle, Socket and LayerZero, & Main News of the Week

Vaibhav Chellani released the Socket Protocol Whitepaper

Vybe Network launches WebSocket service to achieve real-time data push on the Solana blockchain.

Binance will update request weight adjustment and WebSocket user data request on September 3rd.

Binance plans to update request weight adjustments and WebSocket user data requests on September 3rd.

Binance Futures to Consolidate COIN-Margined WebSocket Domains on 2024-07-29

Scheduled System Upgrade for Binance USDⓈ-M Futures WebSocket on 2024-04-23

OpenSea collaborates with SOCKET to support cross-chain and exchange operations for tokens.

Binance Futures to Retire Old WebSocket Domain, Advises Users to Switch

Cross-Chain Interoperability Protocol SOCKET Offers 100% Compensation Plan

SOCKET: Will provide 100% compensation to users affected by the BUNGEE hacking incident.

Socket Protocol Recovers Two-Thirds of Stolen ETH from Hack

SOCKET: 1032 stolen ETH have been recovered. A recovery and distribution plan for users will be announced.

Cross-chain Protocol SOCKET: 1032 ETH Stolen Funds Have Been Recovered

SOCKET RECOVERS $2.3 MILLION IN ETH AFTER BRIDGE PROTOCOL EXPLOIT

Socket Suffers $3.3 Million Loss in Hack Due to Input Validation Flaw

Binance Launches New WebSocket Domain for Margin Services

Binance Futures to Retire Old WebSocket Domain, Advises Users to Switch

OpenSea Pro announced the launch of Polygon and supported cross-chain asset exchange on Ethereum and Polygon by integrating Socket. Earlier the Binance NFT market announced that it would no longer support the Polygon network and users have to withdraw Polygon NFTs.…

We asked @monad_xyz and @SonicLabs why they picked the EVM over others 👀 Hear what they have to say on SOCKET TV: https://t.co/dleqMZ4UhR https://t.co/ojvcJLuza3

Major update to our V3 REST and WebSocket APIs V3 introduces a unified and standardized interface across spot and perpetual markets, rebuilt for greater scalability & much lower latencies. Start trading: https://t.co/8DAlkLT20e https://t.co/lo19jAJJtN

🌹DBot v1.72 is released: USD1 trading pair for Bsc copy trading supported, added auto migrate take profit / stop loss tasks and limit orders to #PancakeSwap when the https://t.co/A8SRFk8eU4's USD1 internal market is full, Bubble chart added (position analysis)🔥Dashboard & Official Website:- USD1 trading pair for Bsc copy trading supported- Added auto migrate take profit / stop loss tasks and limit orders to PancakeSwap when the https://t.co/A8SRFk8eU4's USD1 internal market is full- Bubble chart added (position analysis)- Batch edit wallet for copy trading tasks supported- Displays of k-line charts and some pages optimized🤖Telegram Bot:- USD1 trading pair for Bsc copy trading supported- Added auto migrate take profit / stop loss tasks and limit orders to PancakeSwap when the https://t.co/A8SRFk8eU4's USD1 internal market is full⚡API & WebSocket：- USD1 trading pair for Bsc copy trading supported- Added auto migrate take profit / stop loss tasks and limit orders to PancakeSwap when the https://t.co/A8SRFk8eU4's USD1 internal market is full😎FREE forever, Fastest Speed but Lowest Fees(down to 0.01%)✅Follow, RT & Login DBot✅Join DBot Telegram Group & Discord（🔗DBot offical link in comment）#BSC #solana #x1000gem #memecoin

Missed the episode? Catch up on SOCKET TV here:

🛡️ GRIDNET Defeats Advanced DDoS Attacks - Network Stronger Than Ever! The past week has been intense, but we've emerged victorious! Our development team has been working around the clock to counter sophisticated attacks targeting our network. What We Faced: 👉Advanced Slowloris HTTP 1.1 partial request attacks Network layer SYN flood attacks 👉Targeted disruption of GRIDNET OS Decentralized User Interface Services 👉Attacks specifically aimed at HTTP and WebSocket protocols The GRIDNET Advantage: Unlike other networks that rely on operators to be security experts, our Wizards built comprehensive DDoS mitigation DIRECTLY into GRIDNET Core software itself! Some mechanics even integrate with Windows Kernel Mode for maximum protection. Breakthrough Achievement: For the first time in over a week, GRIDNET Core is successfully serving Decentralized User Interface mechanics and UI dApps despite ONGOING attacks! 🚀 Transparency Matters: Every line of anti-DDoS code was developed on YouTube LIVE and documented in our Live-Development Discord channel. Hundreds of hours of real-time development for the community to witness. Why This Matters: While other projects crumble under attack, GRIDNET adapts and grows stronger. This is what happens when you have true decentralization backed by military-grade engineering. The network stands resilient. Attacks continue, but we're winning! 🧙‍♂️ ℹ️ DUI services are available from https://t.co/gQCn36mrg8

Catch up on SOCKET TV Ep. 3 here: https://t.co/dleqMZ4UhR

Catch up on SOCKET TV Ep. 3 here: https://t.co/dleqMZ4UhR

Missed SOCKET TV Ep. 3, catch it here: https://t.co/dleqMZ4UhR

SOCKET TV Ep. 3 📺 Performance chains are here & they're out to eat every app you love. @vaibhavchellani chatted with @keoneHD & @michaelfkong on → how @monad_xyz & @soniclabs are reshaping what’s possible onchain → sub second UX → type of apps this will unlock & more https://t.co/kFKCdvkdgx

Building a chain is actually much harder than you think. 😥 @michaelfkong of @SonicLabs breaks it down on today's episode. New SOCKET TV episode drops at 3 PM UTC! https://t.co/BXYW2EPHad

A new episode of SOCKET TV drops tomorrow! We’ve got @keoneHD from @monad_xyz + a very special guest. Builders, you won't want to miss this one. https://t.co/QIOUm0bQom

gCookie 🍪 SOCKET is now live on @cookiedotfun Let's see you cook and climb the leaderboard: https://t.co/H5QfYvBx3J https://t.co/nCk6h90oCt

No shill, just vibes 😌SocketSociety lead PowerPuffs @vaibhavchellani + @litocoen are hopping on a Space today at 4PM UTC. Come hang! Bring your memes, your questions, or just lurk. See you there✌️ https://t.co/W0hoXr8hN8

The SocketSociety content challenge is still in full swing! So don't miss your shot to become a PowerPuff and climb the @wallchain_xyz leaderboard ⚡️ We’ve seen some great entries already, but if you’re aiming for the top, here are a few tips to help you stand out:

Still bridging in 2025 ⁉️ Things are about to get spicy tomorrow. SOCKET co-founder @vaibhavchellani shares his hot takes on interoperability with @0xPolygon & @AvailProject https://t.co/szcgTcLDky

Bungee now lets you swap from anywhere into @solana. Swap $WIF, $MEW, or $BONK into Ape from any chain. No bridges, no switching networks, no stress. That’s chain abstraction powered by SOCKET.

🚨JUST IN: BUNGEE LIQUIDITY MARKETPLACE BUILT ON SOCKET GOES LIVE ON SOLANA

We hosted a SocketSociety sticker challenge and you absolutely understood the assignment From chaotic to cute, the creativity was definitely there 👏 Huge thanks to everyone who showed up to help deck out our Discord; we can't wait to start using these stickers And now... drumroll for your winners

We're proud to see CCTP V2 launch on WorldChain! Experience effortless, gasless, and near-instant USDC swaps on @BungeeExchange v2, the Open Liquidity Marketplace. Chain abstracted since Day 1. Powered by SOCKET ⚡️ https://t.co/gdygxWMCRr

Wallets can be emptied faster than most realize, sometimes within moments of a single click. This guide teaches how security teams transform raw blockchain data into real-time alerts and work together to stop threats before they cause harm. 🧵👇 Introduction Hackers operate at lightning speed, forcing defenders to stay one step ahead. This article breaks down how teams turn the overwhelming flood of mempool data into precise, actionable signals. We’ll explore how advanced models and automated playbooks help close the gap between detecting suspicious activity and stopping threats in their tracks. Finally, we’ll look at how sharing threat intelligence across projects improves response times and strengthens the entire ecosystem. Together, these pieces form a playbook for defending public chains at the speed attacks happen. Streaming Feature Stores Production-grade on-chain security analytics require fast access to mempool traffic. A common architecture captures pending transactions from an Ethereum JSON-RPC or WebSocket endpoint and publishes them to an Apache Kafka topic. Open-source demonstrations show how ERC-20 transfers are streamed in real time and persisted for analytics by coupling Python clients with Kafka brokers. Within the stream-processing layer (Kafka Streams or Apache Flink), transactions are enriched into feature vectors: Opcode frequency, static disassembly of inputData or contract bytecode yields an opcode histogram per transaction; sudden spikes of CREATE2, SELFDESTRUCT, or DELEGATECALL correlate strongly with drainer campaigns. Gas anomalies, deviations from rolling medians on gasPrice and gasLimit expose sandwich bots and liquidity-rug scripts. Token-flow deltas, real-time aggregation of ERC-20 Transfer events identifies large, multi-token approvals typical of drainer kits. Feature stores built for low-latency inference (Feast, SageMaker Feature Store streaming mode) persist these computed fields so that downstream models and heuristics can score each transaction before block inclusion. The result is a continuously updated, replayable ledger of structured fraud indicators without leaking raw user secrets. LLM-Assisted Triage Large language models are increasingly embedded in Security Operations Center (SOC) workflows to accelerate alert enrichment. Operational playbooks now route phishing domains, scam-site HTML, and drainer JavaScript into GPT-class models that: Label IOCs, classify URLs or filenames as benign, suspicious, or malicious by matching them against known lexical, brand-squatting, and obfuscation patterns. Summarise context, extract victim lures, wallet-connect flows, and embedded addresses for rapid analyst review. Synthesise detection rules, output draft YARA or Suricata signatures that capture previously unseen obfuscation motifs. Field reports show that combining custom GPTs with threat-intel platforms can cut YARA-rule writing time by more than half while maintaining match precision above 0.9 F-score across validation corpora. The generated rules still require peer review, but the language model removes first-pass drudgery and surfaces novel indicators that regex-based generators often miss. Graph Neural Networks on EVM Data Transaction graphs encode rich structural signals unavailable to single-transaction heuristics. The TLMG4Eth family of graph neural networks combines sentence-level embeddings of transaction calldata with message-passing on the account-interaction graph. Experiments on multi-year Ethereum snapshots report an AUC > 0.93 when spotting funding paths linked to phishing, outperforming volume-threshold filters by 20–30 pp in recall. Complementary work on transaction-graph compression (TGC4Eth) reduces graph size while preserving malicious-account separability, enabling batched inference on consumer-grade GPUs. Together, these studies demonstrate that GNN pipelines can run near-real-time on continuously ingested graphs and surface low-degree, covert drainer nodes long before reputational blacklists update. Community Threat Intel Effective defence scales only through broad information sharing. Security working groups now publish machine-readable threat reports as STIX 2 (Structured Threat Information Expression, version 2) bundles. Signature-based indicators of compromise (IOCs) (malicious bytecode hashes, ENS domains, transaction patterns) are packaged, signed with organisational keys, and pinned to IPFS; the content identifier (CID) is then embedded in a short, on-chain announcement or pushed via TAXII (Trusted Automated eXchange of Indicator Information) feeds. Tools such as the Service Ledger pilot demonstrate end-to-end workflows where enterprises exchange encrypted STIX objects via a permissioned IPFS overlay while preserving authenticity and tamper evidence. Shared cyber threat intelligence (CTI) lowers mean-time-to-detection across ecosystems: a phishing contract fingerprint captured on one roll-up can be flagged by security tooling and have preventive rules pushed to other roll-ups within hours. As these registries mature, DAO-funded bounty programs are rewarding contributors whose intel prevents measurable losses, echoing Web2 bug-bounty economics but anchored in transparent token-based treasuries. These blue-team patterns lay the operational foundation for the more policy-oriented guardrails outlined in Part 6 of our 7 Part Series of AI Phishing, available on our profile. Sustained investment in shared feature pipelines, ML-driven graph analytics, automated multisig playbooks, and token-incentivised intel markets is essential to defend public chains at GenAI speed. How do you see the future of on-chain security shaping up?