Transit Swap loses over $21M due to internal bug hack, issues apology
Transit Swap, a multi-chain decentralized exchange (DEX) aggregator, lost roughly $21 million after a hacker exploited an internal bug on a swap contract. Following the revelation, Transit Swap issued an apology to the users while efforts to track down and recover the stolen funds are underway.
“We are deeply sorry,” stated Transit Swap while revealing that a bug in the code allowed a hacker to make away with an estimated $21 million. Blockchain investigator PeckShield narrowed down the attack to a compatibility issue or misplaced trust in the swap contract.
pic.twitter.com/KJ7u5xoxBp
— Transit Swap | Transit Buy | NFT (@TransitFinance) October 2, 2022
PeckShield, along with other investigators, including SlowMist, Bitrace and TokenPocket, joined in on the pursuit to track down the hacker. Transit Swap stated:
“We now have a lot of valid information such as the hacker's IP, email address, and associated on-chain addresses. We will try our best to track the hacker and try to communicate with the hacker and help everyone recover their losses.”
The flowchart below depicts the flow of the stolen assets, as shared by PeckShield.
The ongoing investigation hinted that the hacker may have performed earlier withdrawals from known exchanges. Transit Swap has promised to share more details with the community in due time, adding, “Thank you for your understanding and trust.”
Transit Swap has not yet responded to Cointelegraph’s request for comment.
As crypto businesses update their security measures, hackers continue to evolve their methods to dupe investors.
#MEV A very profitable MEV bot, internally named as 0xbad, was somehow tricked/hacked with 1,101 ETH loss (~$1.45M) in the following tx: https://t.co/FxXSY8AyhX
— PeckShield Inc. (@peckshield) September 27, 2022
Recently, a hacker used an Ethereum (ETH) arbitrage trading bot to exploit a “bad code” vulnerability to drain 1,101 ETH, which was around $1.41 million at the time of writing.