Transit Swap Gets 70% Back Of $23 Million Hacked

 120 total views


2022-10-06 09:42:49

Funds “returned” so far in the form of Ether, ETH pegged on Binance and BNB ($14.2 million).

The swift action of several blockchain security companies helped facilitate the recovery of approximately 70% of the total $23 million stolen from the Transit Swap platform.

On October 1, Transit Swap, a decentralized exchange (DEX), lost money after a hacker exploited an internal bug in the swap contract. Soon after, Transit Swap’s finance team and security firms Peckshield, SlowMist, Bitrace and TokenPocket quickly stepped in and found the attacker’s IP address, email address, and associated chain address.

Accordingly, Peckshield has produced a diagram depicting the flow of stolen assets by hackers through various DEXs such as UniSwap, PancakeSwap or Tornado Cash mixer as well as the MEXC exchange.

Tweet describing the flow of stolen funds
Tweet describing the flow of stolen funds

Tweet: https://twitter.com/peckshield/status/1576419241414524929

These efforts paid off when less than 24 hours from the time of the hack, the hacker returned 70% of the stolen assets to the two addresses, equivalent to about 16.2 million USD.

These funds come in the form of 3180 Ether (ETH) at $4.2 million, 1500 Binance-Peg ETH at $2 million, and 50,000 BNB at $14.2 million, according to BscScan and EtherScan.

In the most recent update, Transit Finance said that “the project team is rushing to collect specific data of stolen users and develop a specific return plan” while still focusing on retrieving. The remaining 30% of the money is stolen.

Currently, security companies and project teams of all parties are continuing to monitor hacking incidents and communicate with hackers through email and on-chain methods. The team will continue to work hard to recover more assets.

Cybersecurity firm SlowMist in an analysis of the incident noted that hackers used a vulnerability in Transit Swap’s smart contract code, which came directly from the function. transferFrom()which essentially allows the user’s token to be transferred directly to the miner’s address:

“The root cause of this attack is that the Transit Swap protocol does not closely examine the data that users pass in during the token swap, which leads to the problem of arbitrary external calls. . The attacker exploited this arbitrary external call problem to steal user-approved tokens for the Transit Swap. “



#Transit #Swap #Million #Hacked

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Close Bitnami banner
Bitnami