Hackers have exploited Transit Swap, a multi-chain decentralized exchange (DEX) aggregator, and made away with $21 million worth of cryptocurrencies. The hackers leveraged an internal loop in a swap contract to perpetrate his crime. In addition to informing the public about the breach, the protocol also apologized to its customers.
“After a self-review by the TransitFinance team, it was confirmed that the incident was caused by a hacker attack due to a bug in the code. We are deeply sorry,” the platform tweeted.
The multi-chain DEX platform has already started its investigations in collaboration with the SlowMist security team, Bitrace security team, and PerkShield security team. More security and technical team joined in the investigation like TransitFinance, and TokenPocket. So far, PerkShield has been able to streamline the attack down to a compatibility issue or misplaced trust in the swap contract.
The crypto whistleblower also shared a flowchart depicting the movement of the stolen funds. From the investigations, Transit Swap claims to have several pieces of information about the hacker. Transit Swap commented,
“We now have a lot of valid information such as the hacker’s IP, email address, and associated on-chain addresses. We will try our best to track the hacker and try to communicate with the hacker and help everyone recover their losses.”
Hackers Return 70% Of Fund to Transit Swap
According to PerkShield’s flowchart, it is believed that the hacker may have withdrawn some of the funds from different cryptocurrency exchanges which are well-known. Transit Swap encouraged the hacker to return the funds and this seems to have been successful. Consequently, the hacker has returned 70% of the funds to two wallet addresses.
Transit Swap is still making efforts to recover the remaining funds. Meanwhile, users urge the platform to take responsibility for the remainder of the fund if the hackers refuse to return it. This is because the breach is the fault of the Transit Swap platform.
The number of hacks which has occurred this year is alarming. The crypto industry has been dealt quite a blow amidst the prevalent extreme crypto winter. One of these exploits was from the Nomad bridge which led to the loss of $190 million in digital assets. Another was the loss of almost $625 million from the Axie Infinity Ronin bridge infringement.