- The assets have been returned to two addresses and equal to over 16.2 million.
- The funds have been received as ETH, BNB and Binance-pegged ETH.
- Transit Swap is gathering data to create a refund plan for users.
Out of the $23 million exploit funds of DEX aggregator Transit Swap, over 70% have returned, thanks to the on-time response from multiple blockchain security firms.
On October 1, a hacker exploited an internal flaw on a swap, leading to DEX aggregator losing hefty funds.
Security firms such as SlowMist, TokenPocket, Peckshield and Bitrace showed up with timely responses. Quite quickly, the companies worked out the IP, associate-on chain addresses and email address of the hacker.
In less than 24 hours of the hack, the collaborative efforts of all companies pushed the hacker to return 70% of the assets they stole.
The funds have returned as 50,000 BNB or $14.2 million, 3,180 ETH or $4.2 million and 1,500 Binance-Peg ETH and ($2 million).
📢📢📢Updates about TransitFinance— Transit Swap | Transit Buy | NFT (@TransitFinance) October 2, 2022
1/5 We are here to update the latest news about TransitFinance Hacking Event. With the joint efforts of all parties, the hacker has returned about 70% of the stolen assets to the following two addresses:
Currently, the project team is gathering the data of the victims and creating a return plan. Together with this, the team is also determined to get back the remaining 30% funds.
Both the security firms and project teams of each party are tracking the hacking activity besides interacting with the hacker via on-chain and emails.
According to SlowMist, the hacker utilized a vulnerability in the smart contract code of Transit Swap and since it belonged to the transferFrom() function, it became easy for the hacker to transfer users’ tokens to their own address.
Concluding the major reason behind the attack, the Transit Swap protocol is not effective in terms of checking the data strictly that’s transferred during token swap by the user; thus, causing arbitrary external calls. This arbitrary external call bug was exploited by the attacker and the tokens approved for Transit Swap by the user were stolen.