Main hacker in Transit Swap exploit agrees to return remaining funds
On Monday, decentralized finance (DeFi) protocol Transit Swap announced that it had reached an agreement with its biggest hacker for the return of funds. Approximately one week prior, a hacker exploited an internal bug on a swap contract within the protocol and caused other individuals to imitate the security breach, leading to a loss of over $23 million in user funds.
However, the main hacker has since returned approximately 70% of exploited funds thanks to the help of security companies such as Peckshield, SlowMist, Bitrace, and TokenPocket. They quickly tracked down the hacker by identifying their IP address, email address, and associated-on chain addresses.
As per Monday's agreement, the hacker would return the remaining 10,000 BNB tokens, worth roughly $2.74 million, from the exploit in exchange for relief of all legal liabilities arising from the attack from Transit Swap's side. In addition, the hacker would keep 2,500 BNB ($685,600) for his "white hat" efforts in uncovering the security vulnerability.
Updates about TransitFinanceA consensus has been reached between the biggest hacker and TransitFinance Official, the hacker will keep 2,500 BNB as a bonus and refund the users’ remaining 10,000 BNB.https://t.co/DOwRw7doYy
— Transit Swap | Transit Buy | NFT (@TransitFinance) October 10, 2022The Transit Swap team has also set a deadline of Oct. 12 for two hacker-imitators and one hacker-arbitrageur to return the stolen funds. Afterward, developers threatened that "judicial actions" would be taken.
Related: White hat finds huge vulnerability in Ethereum–Arbitrum bridge: Wen max bounty?
At the beginning of the year, DeFi exploits were largely a low-risk, high-reward endeavor thanks to user anonymity. Recently, the rise of blockchain analytic firms and forensic DeFi firms, coupled with a U.S. ban on crypto-mixer tools such as Tornado Cash, has made it harder for hackers to launder the stolen funds. Instead, some have opted to return the funds and keep a portion of the exploited proceeds as a "bounty" for uncovering the security vulnerability, as with the Nomad bridge hack.