Transit Swap, one of the largest decentralized exchanges in the cryptocurrency world, has been breached, and those responsible for the breach have taken about $21 million. The attacker exploited an internal weakness in a swap contract of the multi-chain DEX. The development team has acknowledged the attack and apologized publicly for it.
It’s a Game of Cat and Mouse With the Hackers
Investigators are looking for the stolen user assets, and updates provided by the DEX suggest they have located them. Transit Swap reported that the project team and security firms from all parties are still tracking the intrusion and corresponding with the culprit via email and on-chain methods.
Interestingly, the amount of information the team has gathered on the hacker suggests they won’t be able to flee.
According to Transit Swap, they currently have a wealth of valid information, including the hacker’s IP address, email address, and related on-chain addresses. They will make every effort to track the perpetrator, get in touch with them, and help everyone recover their losses.
Transit Swap acknowledged that the hackers exploited a bug and made off with millions of dollars in user payments and said, “We are deeply sorry.” In response to questions about the likelihood of receiving reimbursement of the money, Transit Swap responded, “The team will keep collecting the remaining assets from hackers’ stolen capital and return them to the affected clients.”
The Transit Swap team will continue to provide updates and release details. They are grateful for their customers’ understanding and calmness.
Hackers Return 70% of the Money
The most recent Transit Finance update said that the hacker had returned 70% of the funds to two addresses, so the operation appeared to have been successful. However, efforts to retrieve the remaining funds are ongoing.
A bot supervised the hacker as he swapped the user’s BUSD holdings to the BSC chain and generated a profit of BUSD 1.07 million, said SlowMist, a blockchain security company.
If the perpetrator does not restore the remaining 30%, users have requested that Transit Swap reimburse the remaining amount of the stolen money. They argue that this is only fair because the breach was the DEX’s fault and wouldn’t have occurred in any other circumstance.
Hackers Going Rogue
DeFi protocols and blockchain credentials have been exploited three times in recent weeks by hackers taking advantage of flawed code.
Recently, a hacker who used the incorrect code to accept a transfer caused an MEV bot that had previously made over $1 million in a single arbitrage trade to lose $1.45 million in just 60 minutes.
The 1inch network team had previously disclosed that all addresses generated by the customized address tool Profanity were vulnerable to hacking. These addresses have already been used in specific negative ways.
There’s never been a more pressing need for extensive security assessments before publishing code, as adversaries are increasingly skilled at exploiting blockchain protocols.
Source: https://crypto.news/21-million-in-transitswap-money-stolen-by-hacker/