Transit Swap, a decentralized exchange (DEX) aggregator that suffered a $23 million exploit recently, has had 70% of the funds returned. This was made possible by a quick response from a number of blockchain security companies.
The hacker had been able to get away with the exploitation through an internal bug on a swap contract on October 1. This led to a quick response from the Transit Finance team, Peckshield, SlowMist, Bitrace, and TokenPocket. They swiftly worked out the hacker’s IP, email address, and associated on-chain addresses.
Transit Finance, less than 24 hours after the hacking incident, noted that with joint efforts of all parties, the hacker returned 70% of the stolen assets to two addresses – this equated to around $16.2 million. The funds came in the form of 3,180 Ether worth around $4.2 million, 1,500 Binance-peg ETH worth around $2 million, and 50,000 BNB worth $14.2 million. Transit Finance had stated that the project team is rushing to collect the specific data of the stolen users and formulate a specific return plan.
The team also remained focused on retrieving the final 30% of the stolen funds. Security companies continue to track the hacking incident and communicate with the hacker through email and on-chain methods. It highlighted that the team will continue to work hard to recover more assets.
SlowMist, a cybersecurity firm, believes the hacker used a vulnerability in Transit Swap’s smart contract code which came directly from the transfer from the () function which allowed users’ tokens to be transferred directly to the hacker’s address. SlowMist said the root cause of the attack is that the Transit Swap protocol does not strictly check the data passed in by the user during the swap. This leads to the issue of arbitrary external calls. The firm added that the attacker exploited this arbitrary external call issue to steal the tokens approved by the user for Transit Swap.