In an examination of the incident, SlowMist determined that the hacker exploited a flaw in the smart contract code of Transit Swap, which allowed tokens to be transferred directly to the hacker’s address via the transferFrom() function.
An investigation into the $23 million hack of decentralized exchange aggregator Transit Swap has revealed that around 70% of the stolen funds have been returned.
On Oct. 1, an internal flaw occurred on the DEX aggregator’s swap contract, resulting in a quick response from Transit Finance’s team and security firms Peckshield, SlowMist, Bitrace, and TokenPocket, who were able to quickly identify the hacker’s IP, email address, and associated chain addresses.
It appears these efforts have already borne fruit, as less than 24 hours after the hack, Transit Finance noted that “with joint efforts of all parties” the hacker returned 70% of the stolen assets to two addresses, equating to roughly $16.2 million.
BscScan and EtherScan said that 3,180 Ether ($4.2 million), 1,500 Binance-Peg ETH and ($2 million) and 50,000 BNB ($14.2 million) came in this round.
📢📢📢Updates about TransitFinance
— Transit Swap | Transit Buy | NFT (@TransitFinance) October 2, 2022
1/5 We are here to update the latest news about TransitFinance Hacking Event. With the joint efforts of all parties, the hacker has returned about 70% of the stolen assets to the following two addresses:
According to Transit Finance, the project team is currently working on gathering specific data concerning the stolen users in order to come up with a precise return plan. In addition, they are still trying to collect the last 30% of stolen money.
The security companies and project teams of all parties are still working hard to track the hacking incident and communicate with the hacker via email and on the blockchain at present. The team will continue to work hard to recover more assets,” the firm said.
An alleged $160 million crypto market maker has been hacked, according to reports.
SlowMist, a cybersecurity firm, analysed the hack and found that the smart contract code of Transit Swap was vulnerable, which allowed users’ tokens to be transferred directly to the attacker’s address.