- Transit Swap has been exploited, resulting in $23 million in stolen funds.
- The DEX platform said it had obtained the hacker’s IP and email address.
- With the help of security teams, Transit Swap has been able to recover 70% of the $23 million.
The cross-chain swap aggregator Transit Swap announced that it suffered a hack due to a vulnerability in its code and lost nearly $23 million.
The DEX platform Transit Swap wrote on Twitter:
“After a self-review by the TransitFinance team, it was confirmed that the incident was caused by a hacker attack due to a bug in the code. We are deeply sorry.”
The hack was identified on October 2, with indications that the hacker may have performed earlier withdrawals from known exchanges. Transit Swap apologized to its users on Twitter and added that it would share more details about the findings with the community.
Blockchain security firm SlowMist issued a root-cause analysis of the hack, stating:
“The root cause of this attack is that the Transit Swap protocol does not strictly check the data passed in by the user during the token swap, which leads to the issue of arbitrary external calls.”
Transit Swap has already been able to get the hacker’s IP, email address, and associated on-chain addresses. The exchange platform also encouraged the hacker to return the stolen money.
With the help of blockchain firms such as SlowMist, Bitrace, PeckShield, Token Pocket, and TransitFinance, Transit Swap has so far been able to retrieve 70% of the $23 million in stolen funds.
📢📢📢Updates about TransitFinance
1/5 We are here to update the latest news about TransitFinance Hacking Event. With the joint efforts of all parties, the hacker has returned about 70% of the stolen assets to the following two addresses:
— Transit Swap | Transit Buy | NFT (@TransitFinance) October 2, 2022
Subsequently, the funds were returned in the form of 3,180 Ether (ETH) valued at $4.2 million, 1,500 ETH worth $2 million, and 50,000 BNB valued at $14.2 million. The Transit Swap team said it is still trying to recover the remaining 30% of the funds. It has also not returned the funds to users, saying it is collecting data to develop a refund plan.