The decentralized exchange Transit Swap was the next crypto project to fall victim to recent hacks. On October 1, a hacker exploited a vulnerability in the Transit Swap code to steal funds from user accounts. However, within 24 hours, TransitFinance, the team behind Transit Swap, claimed that it retrieved most user funds.
According to statistics in a recently posted announcement by the decentralized exchange, the amount hacked was $28.9 million, with approximately $18.9M returned.
Transit Swap stated, “The incident is still being investigated and resolved, and we will continue to communicate and work hard to recover additional assets for users.”
Bug In The Code
The funds were lost after a hacker exploited an internal bug in a swap contract on October 1.
After the exploit, the TransitFinance team announced that it employed the help of security firms SlowMist, Bitrace, and TokenPocket. In the end, they quickly identified the hacker’s IP, email address, and associated on-chain addresses.
Less than 24 hours after the hack, TransitFinance reported that “with the combined efforts of all parties,” the hacker had returned 70% of the stolen assets to two addresses, totalling approximately $16.2 million.
SlowMist, one of the security firms enlisted to track down the hacker, stated in a Twitter thread that the “Transit Swap hacker was front-run by an arbitrage bot when he transferred BUSD assets from the user on the BSC chain, block height 21816885, and made a profit of 1.07 million BUSD”.
Return Of User Losses
The hack impacts not only the DEX and its reputation within the ecosystem but also its users. Regarding this hack, Transit Swap stated that although no specific plan has been made to return user funds, it is working to gather the remainder of the stolen funds and collect data on user losses to make a specific return plan.
To affected users, TransitSwap states, “Due to a large number of users and funds affected by the incident, the relevant hacked data will be publicized within 2 days, and the return plan will be improved. We will properly return the user assets as soon as possible. We sincerely appreciate all the users’ trust and patience.”
So far, the majority of funds returned have been in the form of ETH, wETH, and BNB.
The news comes as other crypto hacks have made headlines in recent weeks, with hackers exploiting faulty code in DeFi protocols and blockchain addresses.
In mid-September, an MEV bot that made over a million dollars in one arbitrage trade lost $1.45 million in less than an hour after a hacker used defective code to approve a transfer.
Just last week, another hack targeting vanity addresses made using Profanity stole over 700 ETH from users.