Transit Swap managed to avoid losses from a hacker attack

Decentralized exchange Transit Swap recovered 70% of the funds ($16 million) stolen by a hacker on the Ethereum and Binance Chain networks within 24 hours.
The hacker transferred cryptocurrencies to the Tornado Cash mixer: 4,680 $ETH ($6.2 million) and 50,000 $BNB ($14.2 million). The problem was quickly resolved thanks to companies specializing in crypto security, namely SlowMist, Bitrace, PeckShield, TokenPocket and TransitFinance. The return of the funds was also possible because the hacker left a “digital footprint” behind: Transit Swap was able to identify his IP and email.

SlowMist initially reported a loss of 1.07 million $BUSD. It later noted that the total amount of stolen funds was $23 million.

Transit Finance, the parent company of Transit Swap, is currently working with partners to recover the remaining 30% of illegally withdrawn funds. They are monitoring the situation and continue to negotiate with the hacker.
“We will keep you updated in real time on the progress of the incident’s resolution. Our team appreciates the users’ patience and thanks them for their understanding,” Transit Swap says.
The decentralized exchange's clients are demanding reimbursement of their losses if the scammer does not return the rest.

As a reminder, on October 1st a hacker published an internal error in the smart contract code and used it to steal cryptocurrency. SlowMist, a cybersecurity firm, said the bug originated within the “transferFrom()” function. Using it, the hacker transferred tokens belonging to users directly to his address.

However, the main factor in the hack is that the Transit Swap protocol did not strictly validate transaction data. As a result, “arbitrary external calls” could occur, and the hacker took advantage of this.
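
The kind of transaction-data check whose absence is described above can be sketched as follows. This is an added example, not code from Transit Swap or SlowMist: it vets a user-supplied external call before a router would forward it. The allowlist, the sample addresses and the function names are assumptions; only the ERC-20 `transferFrom` selector is a real value.

```python
# Added illustration; addresses and the allowlist are constructed sample values.
TRANSFER_FROM = bytes.fromhex("23b872dd")  # ERC-20 transferFrom(address,address,uint256)

CALLER = "0x" + "22" * 20   # account that submitted the swap
VICTIM = "0x" + "11" * 20   # another user who approved the router
POOL = "0x" + "aa" * 20     # hypothetical vetted liquidity pool
TOKEN = "0x" + "bb" * 20    # some ERC-20 token contract
ALLOWED_TARGETS = {POOL}


def encode_transfer_from(owner: str, to: str, amount: int) -> bytes:
    """Build ABI calldata for transferFrom(owner, to, amount)."""
    def pad(addr):
        return bytes(12) + bytes.fromhex(addr[2:])
    return TRANSFER_FROM + pad(owner) + pad(to) + amount.to_bytes(32, "big")


def check_forwarded_call(caller: str, target: str, calldata: bytes) -> list:
    """Return the reasons a user-supplied external call must be rejected."""
    problems = []
    # 1. The router should only ever call contracts it has vetted.
    if target.lower() not in ALLOWED_TARGETS:
        problems.append("target not allowlisted")
    # 2. Forwarded data must never spend an allowance granted by someone else.
    if len(calldata) < 4:
        problems.append("calldata too short for a selector")
    elif calldata[:4] == TRANSFER_FROM:
        args = calldata[4:]
        if len(args) != 96 or any(args[:12]):
            problems.append("malformed transferFrom arguments")
        elif "0x" + args[12:32].hex() != caller.lower():
            problems.append("transferFrom spends another account's tokens")
    return problems


if __name__ == "__main__":
    drain = encode_transfer_from(VICTIM, CALLER, 10**18)
    print(check_forwarded_call(CALLER, TOKEN, drain))
    # Constructed opaque selector standing in for a pool's swap function.
    print(check_forwarded_call(CALLER, POOL, bytes.fromhex("12345678") + bytes(64)))
```
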

This is the second sensational cryptocurrency theft in the last two weeks. On September 20th, $160 million was stolen from the Wintermute platform. The hacker withdrew funds from DeFi operations using a special program that exploited a vulnerability at the smart contract level.