Hackers can breach almost any platform these days, causing significant financial damage. Most crypto projects have fallen victim to a hack at one point, and the decentralized exchange Transit Swap is one of them.
A hacker found a loophole in the Transit Swap code and exploited it to steal funds from user accounts on October 1. According to the statistics posted by the decentralized exchange, the hacker stole $28.9 million.
Fortunately, according to TransitFinance, the team behind Transit Swap, most of the stolen funds were retrieved within 24 hours. The retrieved funds came to roughly $18.9 million, according to the statistics disclosed by the decentralized exchange.
Transit Swap is still working on returning most of the stolen assets and dealing with the sudden inconvenience, as they stated:
“The incident is still being investigated and resolved, and we will continue to communicate and work hard to recover additional assets for users.”
News of the Transit Swap hack came a few weeks after other crypto hacks had made headlines. Those headlines were mostly about hackers exploiting DeFi protocols and blockchain addresses through vulnerable code.
The Code’s Vulnerability Exploited by the Hacker
On October 1, the firm lost a large sum to the hacker, who exploited an internal bug in a swap contract. After the hack, the TransitFinance team said it had sought security help from the companies TokenPocket, SlowMist, and Bitrace.
After investigation and research, the TransitFinance team, with the help of the security firms, quickly identified the hacker’s email address, IP address, and on-chain addresses linked to the cybercrime.
Within 24 hours of the exploit, TransitFinance disclosed that the hacker had returned 70% of the stolen funds to two addresses, totaling $16.2 million. This happened quickly because of the firm’s efforts, assisted by the security firms involved.
Currently, most of the returned funds are in the form of wETH, ETH, and BNB. Further, SlowMist, one of the security companies hired to track the hacker, stated in a Twitter thread:
“Transit Swap hacker was front-run by an arbitrage bot when he transferred BUSD assets from the user on the BSC chain, block height 21816885, and made a profit of 1.07 million BUSD.”
Most blockchain firms have fallen victim to hacks recently, in which the hacker exploits a bug in the firm’s code. For example, in mid-September, an MEV bot lost $1.45 million within an hour after a hacker used vulnerable code to affirm the transfer.
What Next for Transit Swap Users and the Firm?
A hack affects not only a firm’s reputation within the industry but also its customers, and this is the case with the Transit Swap incident. Transit Swap also told the affected users:
“Due to a large number of users and funds affected by the incident, the relevant hacked data will be publicized within two days, and the return plan will be improved. We will properly return the user assets as soon as possible. We sincerely appreciate all the users’ trust and patience.”
Transit Swap affirmed that it does not yet have a plan to return user funds; however, it is working to collect the remaining stolen assets and data on user losses in order to create a return plan for the Transit Swap users affected by the cybercrime.