Cryptocurrency
DeFi
Exchanges
Stablecoins
NFTs
Wallets
Bitcoin
Ethereum
Tokens
ICOs
IEOs
Technology
Crypto
Banking
Supply Chain
Security
Healthcare
Mining
AI
Advertising
Gaming
Retail
Education
Analytics
Hosting
Business
Partnerships
Investments
Adoption
Acquisitions
Conferences
IPOs
Legal
Lawsuits
Patents
Politics
Fraud
Research
Guides
Opinion
Cryptocurrency
Technology
Business
Legal
Politics
Fraud
Research
Guides
Opinion
The Chain Bulletin logo

70% of Stolen Funds Returned to Transit Swap

  • A hacker exploited a bug in Transit Swap’s contract on Sunday, enabling him to steal roughly $28.9 million in tokens from the DEX aggregator.
  • Less than 24 hours after the incident the attacker had already returned 70% of the stolen funds thanks to the quick response of PeckShield, Bitrace, SlowMist, and TokenPocket.
by Krasimir Buchvarov October 3, 2022, 11:28 AM
hacker

Shutterstock

The hacker who stole around $28.9 million in tokens from multi-chain decentralized exchange (DEX) aggregator Transit Swap has returned 70% of the funds less than 24 hours after the attack, the aggregator said via Twitter on 2 October.

Early on Sunday the team behind Transit Swap revealed they had paused all services and “completely suspended” its contract after finding the DEX aggregator was attacked by hackers, who were able to steal roughly $28.9 million in tokens. After a review of the incident, the Transit Swap team issued an apology to its community, and admitted that the hacker had exploited an internal bug on the swap contract.

Blockchain security companies PeckShield, Bitrace, SlowMist, and TokenPocket quickly responded to the incident, and with their help the DEX aggregator was able to acquire relevant information on the attacker, such as his IP, email address, and associated on-chain addresses.

Less than 24 hours after the attack happened, Transit Swap revealed that with the “joint efforts of all parties” the hacker had returned roughly 70% of the stolen assets to two addresses. According to blockchain data, the hacker has so far returned 3,180 Ether (ETH), 1,500 Binance-Peg ETH, and 50,000 BNB.

Transit Swap noted it is continuing to monitor the situation and is keeping in touch with the hacker through email and on-chain methods, with a focus on retrieving the remaining 30% of the stolen funds. The DEX aggregator is currently “rushing to collect specific data” on the affected users, and formulate a recovery plan.

Discussion
Related Coverage
Unibot to Compensate Users Affected by Exploit
  • Popular Telegram bot Unibot, which is used to snipe trades on Uniswap, became a victim of a token approval exploit earlier today, when it was switching to a new router.
  • After confirming the exploit, Unibot assured users that their keys and wallets were safe, and that the project will compensate all affected users.
October 31, 2023, 3:01 PM
unlock

Shutterstock

Balancer Exploited After Giving Warning
  • DeFi protocol Balancer confirmed it was exploited almost a week after disclosing a critical vulnerability affecting several of its boosted pools.
  • The platform did its best to mitigate some of the risks but was unable to pause the affected pools, and an estimated $980,000 in DAI were stolen in an attack.
Kroll Data Breach Compromises FTX, BlockFi Customer Information
  • A cyber security incident at bankruptcy service provider Kroll has resulted in the exposure of “non-sensitive” customer data for claimants involved in the FTX and BlockFi cases.
  • Both companies confirmed that account passwords, systems, and funds remained safe, but warned customers to be on the lookout for phishing scams.