In another case of hacking in the crypto market, Transit Swap, a cross-chain swap aggregator platform, lost roughly $23 million. The exploit involved the manipulation of an internal bug on a swap contract by a hacker.
However, the quick response of several blockchain security companies helped facilitate the subsequent return of around 70% of the amount. The funds returned came in the form of 3,180 Ether (ETH) at $4.2 million, 1,500 Binance-peg ETH at $2 million, and 50,000 BNB at $14.2 million, according to BscScan and EtherScan.
The Transit hack follows the massive $160 million stolen from algorithmic market maker Wintermute some weeks ago. In another incident, a hacker used an Ether (ETH) arbitrage trading bot to exploit a “bad code” vulnerability. The hacker got with 1,101 ETH in the end. Crypto analysis firm Chainalysis reported $1.9 billion worth of hacks from January to July 2022, a 60% increase over last year’s numbers.
The Transit team took to Twitter on 2 October to address the hack. In the Twitter statement, the DEX aggregator revealed that a self-review by the TransitFinance team confirmed the way in which the hack was conducted. The statement further assured that “security companies are tracking the relevant data on-chain.”
Following the revelation, Transit Swap apologized to users and assured them that efforts were being made to track and recover the stolen funds.
The Transit team employed blockchain security firm PeckShield to help them narrow down the attack to a compatibility issue or misplaced trust in the swap contract. Other investigators that then joined the pursuit include SlowMist, Bitrace, and TokenPocket. The security companies were able to work out the hacker’s IP, email address and associated-on chain addresses.
After the quick turnaround, Transit stated that the team is rushing to collect the specific data of the stolen users and formulate a specific return plan. The team also says that it remains focused on retrieving the final 30% of stolen funds.