Decentralized exchange (DEX) aggregator Transit Swap lost approximately $21 million after a hacker exploited a vulnerability in a swap contract.
The DEX posted an apology on Twitter. “After a self-review by the TransitFinance team, it was confirmed that the incident was caused by a hacker attack due to a bug in the code. We are deeply sorry,” added Transit Swap.
— Transit Swap | Transit Buy | NFT (@TransitFinance) October 2, 2022
The firm also said that it is working with several investigators, including security company PeckShield, the Binance team, and SlowMist, to identify the hacker behind the exploit.
PeckShield shared an infographic depicting the flow of the stolen assets.
At the time of the announcement, Transit Swap was able to collect some information about the hacker’s IP, email address, and associated on-chain addresses.
Several hours after the news broke, the team at Transit Swap made another post stating that they had recovered about 70% of the funds and are trying to recover the entire corpus.
Updates about TransitFinance
— Transit Swap | Transit Buy | NFT (@TransitFinance) October 2, 2022
1/5 We are here to update the latest news about TransitFinance Hacking Event. With the joint efforts of all parties, the hacker has returned about 70% of the stolen assets to the following two addresses:
For affected users, Transit is in the process of collecting data and will formulate a specific plan to return the assets.
“The team will continue to recover the remaining assets of hackers’ stolen assets and return them to the lost users,” stated the company.
According to SlowMist, the hack was front-run by an arbitrage bot, allowing the hacker to make a profit of 1.07 million $BUSD.
Transit Swap’s customers are demanding the DEX cover the remaining 30% of the funds if the hacker doesn’t return the entire corpus.