Transit Swap hacker returns $16.5M of stolen funds

Cross-chain DEX aggregator Transit Swap had a rough weekend after it lost over $21 million of users’ funds to a vulnerability attack.

An unknown hacker launched an attack against TransitSwap’s unverified smart contract on Oct. 1. Users who unknowingly approved their tokens for trading on Transit Swap had all their funds transferred directly to the hacker’s address.

Transit Swap users lost a cumulative $21 million to the vulnerability exploit across the ETH and BSC chain. The hacker lost about $1 million to an arbitrage bot as he moved the stolen funds.

Blockchain security firms SlowMist, PeckShield, and Bitrace, worked closely with the Transit Swap team to track the hacker’s IP, email address, and associated on-chain address. Their joint efforts saw the hacker return over 70% of the stolen funds.

As of press time, the returned funds totaling $16.5 million are held in Transit Swap’s ETH & BSC addresses. About 3180 ETH ($4.2 million), 1500 B-ETH ($2 million), and $10.4 million worth of BNB have been returned. However, $3,5 million in stolen BNB is still held in the exploiter’s BSC address.

The hacker reportedly moved 2,500 BNB (worth $715,000) into mixing protocol Tornado Cash and attempted to withdraw the funds through the LATOKEN crypto exchange.

The Transit Swap team has updated that they are still working to recover more stolen funds and will soon reach out to users about the fund return process.

Source: https://cryptoslate.com/transit-swap-hacker-returns-16-5m-of-stolen-funds/