Whitehat Hacker Responds to Transit Swap Call For Refund


Multi-chain decentralized exchange (DEX) aggregator Transit Swap has been communicating with the biggest hacker in its over $21 million attack. Consequently, the hacker has agreed to refund the remaining users’ funds in his possession hijacked from the Transit Swap protocol. 

Upon investigations, it was ascertained that the exploitation was perpetrated by different entities. The bad actors involved in the act comprised imitators, an arbitrageur, and a whitehat hacker.

It appears to be that the whitehat hacker is the one with the largest loot. The attack happened at the beginning of this month and caused a loss of over $21 million in cryptocurrency. 

After analyzing the exploitation, it was discovered that the hackers leveraged an internal vulnerability in its swap contract. Immediately, the cross-chain swapping platform apologized to its users and also took the blame for the code bug. 

A few security outfits like SlowMist, Bitrace, TokenPocket, PerkShield, and TransitFinance technical teams were alerted to join the investigation process. At once, whistleblower PerkShield uncovered a trail showing the movement of the funds from different exchanges and digital assets-related firms.

On the other hand, SlowMist traced 2,500 Binance Coin (BNB) of the funds to Tornado Cash which is currently under the sanction of the United States government. In the end, Transit Swap uncovered the hacker’s IP, email address, and associated on-chain addresses. In the few hours which followed the hack, about 70% of the funds were returned to the protocol. 

Whitehat Hacker Returns 6,500 BNB

Ever since Transit Swap has been communicating with the whitehat hacker to refund the remaining funds.

The whitehat hacker agreed to return 6,500 BNB yesterday. According to him, the remaining 3,500 BNB will only be refunded when Transit Swap initiates a second refund. The 2,500 BNB which was transferred to Tornado Cash is his bounty for digging out Transit Swap security vulnerability.

Transit Swap has expressed its gratitude to the whitehat hacker. It has also promised that no judiciary actions will be taken against him if he finally refunds the 3,500 BNB.

The imitators and arbitrageur have been asked to get in touch and return the funds in their possession. Failure to do so before October 12th, 2022 will attract legal action against them. 

Victoria Nye
A Blockchain columnist who is enthusiastic about developing a network interface between the real world and the cryptosphere.

Related Articles

Stay Connected


Latest Articles

%d bloggers like this: