Transit Swap ‘hacker’ returns 70% of $23M in stolen funds

Published at: Oct. 3, 2022

A quick response from a number of blockchain security companies has helped facilitate the return of around 70% of the $23 million exploit of decentralized exchange (DEX) aggregator Transit Swap.

The DEX aggregator lost the funds after a hacker exploited an internal bug on a swap contract on Oct. 1, leading to a quick response from Transit Finance team along with security companies Peckshield, SlowMist, Bitrace and TokenPocket, who wer able to quickly work out the hacker’s IP, email address and associated-on chain addresses.

It appears these efforts have already born fruit, as less than 24 hours after the hack, Transit Finance noted that “with joint efforts of all parties” the hacker has returned 70% of the stolen assets to two addresses, equating to roughly $16.2 million.

These funds came in the form of 3,180 Ether (ETH) ($4.2 million), 1,500 Binance-Peg ETH and ($2 million) and 50,000 BNB ($14.2 million), according to BscScan and EtherScan.

Updates about TransitFinance1/5 We are here to update the latest news about TransitFinance Hacking Event. With the joint efforts of all parties, the hacker has returned about 70% of the stolen assets to the following two addresses:

— Transit Swap | Transit Buy | NFT (@TransitFinance) October 2, 2022

In the most recent update, Transit Finance stated that “the project team is rushing to collect the specific data of the stolen users and formulate a specific return plan” but also remains focused on retrieving the final 30% of stolen funds.

At present, the security companies and project teams of all parties are still continuing to track the hacking incident and communicate with the hacker through email and on-chain methods. The team will continue to work hard to recover more assets," it said. 

Related: $160M stolen from crypto market maker Wintermute

Cybersecurity firm SlowMist in an analysis of the incident noted that the hacker used a vulnerability in Transit Swap’s smart contract code, which came directly from the transferFrom() function, which essentially allowed users' tokens to be transferred directly to the exploiter's address. 

“The root cause of this attack is that the Transit Swap protocol does not strictly check the data passed in by the user during token swap, which leads to the issue of arbitrary external calls. The attacker exploited this arbitrary external call issue to steal the tokens approved by the user for Transit Swap.”
Tags
Nft
Related Posts
Crypto hacks are set to hit all-time highs in 2022, analyst explains
Reducing the amount of hacking by improving cybersecurity should be considered a top priority for the crypto industry, said Kim Grauer, director of research of blockchain intelligence firm Chainalysis. As pointed out by the firm, this year could outpace 2021 in terms of crypto stolen through hacks. The vast majority of these exploits have been targeting the field of decentralized finance. “This can't go on in the industry because people are going to lose faith in investing in DeFi platforms”, Grauer said in an interview with Cointelegraph. Unlike centralized exchanges, which have improved their resiliency to crypto hacks, decentralized protocols …
Blockchain / Oct. 19, 2022
Furucombo to issue iouCOMBO tokens to repay victims of $15M exploit
Decentralized finance transaction combination tool Furucombo will compensate the victims of a recent “evil contract” exploit that cost the protocol $15 million in stolen funds. Following an internal call with affected users last week, Furucombo released a compensation plan Tuesday, announcing that they will issue 5 million iouCOMBO tokens to the victims of the breach. Issued in the form of ERC-20 tokens, iouCOMBO tokens will represent the rights to claim Furucombo’s COMBO tokens in the recovery pool. Out of a total of 100 million COMBO tokens, 5 million coins have been allocated to the recovery pool, and are subject to …
Technology / March 9, 2021
Maiar decentralized crypto exchange goes offline after bug discovery
The Maiar Exchange, a decentralized exchange (DEX) native to the Elrond blockchain, has been temporarily taken offline after an attacker utilized an exploit and made off with roughly $113 million worth of Elrond eGold (EGLD). Minutes before 12:00 am UTC on Monday, the co-founder and CEO of Elrond, Beniamin Mincu, tweeted that he and his team were “investigating a set of suspicious activities” on the Maiar decentralized cryptocurrency exchange. Soon after, the DEX was taken offline, with Mincu reporting that the issue had been identified and an “emergency fix” was being implemented. In a Twitter thread posted almost 24 hours …
Altcoin / June 7, 2022
'Haunts me to this day' — Crypto project hacked for $4M in a hotel lobby
The co-founder of Web3 metaverse game engine “Webaverse” has revealed they were victims of a $4 million crypto h after meeting with scammers posing as investors in a hotel lobby in Rome. The bizarre aspect of the story, according to co-founder Ahad Shams, is that the crypto was stolen from a newly set up Trust Wallet and that the hack took place during the meeting at some point. He claims the thieves could not have possibly seen the private key, nor was he connected to a public WiFi network at the time. The thieves were somehow able to gain access …
Nft / Feb. 7, 2023
Developers need to stop crypto hackers — or face regulation in 2023
Third-party data breaches have exploded. The problem? Companies, including cryptocurrency exchanges, don’t know how to protect against them. When exchanges sign new vendors, most just innately expect that their vendors employ the same level of scrutiny as they do. Others don’t consider it at all. In today’s age, it isn’t just a good practice to test for vulnerabilities down the supply chain — it is absolutely necessary. Many exchanges are backed by international financiers and those new to financial technologies. Many are even new to technology altogether, instead backed by venture capitalists looking to get their feet wet in a …
Bitcoin Regulation / Nov. 3, 2022