Hacker Exploits $21M Vulnerability in Transit Swap

In Brief

• A hacker has exploited a vulnerability in Transit Swap
• Transit Finance confirmed that the hacker has returned 70% of the funds.
• The crypto space has recorded a spate of recent exploits from hackers in the space.
  

Decentralized exchange aggregator Transit Swap lost $21 million to an exploit after a hacker took advantage of an internal fault in its swap contract.

The multi-chain DEX announced this on Twitter while also apologizing for the exploit. “After a self-review by the TransitFinance team, it was confirmed that the incident was caused by a hacker attack due to a bug in the code. We are deeply sorry,” it said.

At the time of the announcement, It added that efforts are already underway to recover the stolen funds and it is working with SlowMist, PeckShield, Bitrace, TransitFinance, and TokenPocket security and technical teams to recover the funds.

The announcement also added that they have been able to get the hacker’s IP, email address, and associated on-chain addresses. Transit Swap also encouraged the hacker to get in touch to return the funds.

Hacker returned 70% of stolen funds
The effort appears successful because the latest update from Transit Finance confirmed that the hacker had returned 70% of the funds to two addresses. But efforts remain underway to recover the remainder of the funds.

According to SlowMist, an arbitrage bot front-run the hacker as they transferred BUSD assets from the user on the BSC chain and made 1.07 million BUSD in profit.

Users have asked that Transit Swap cover the rest of the stolen funds if the hacker fails to return the remaining 30%. They claim this is only appropriate since the exploit was the DEX’s fault and would not have happened otherwise.

Hackers in full swing
Meanwhile, this exploit marks the third time in recent weeks that hackers took advantage of faulty code or bugs to exploit Defi protocols and blockchain addresses.

A few days ago, an MEV bot that made over a million in one arbitrage trade lost $1.45 million within an hour after a hacker exploited the bad code to approve a transfer.

Before that, the 1inch network team disclosed that all addresses created by the vanity address tool, Profanity, were prone to hacks. Some of these addresses have already been exploited.

With hackers getting more skilled in breaching blockchain protocols, the need for extensive security audits before deploying a code has never been more important.

Disclaimer
All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.