On Sunday, the multichain decentralized exchange aggregator Transit Swap suffered an exploit resulting in $23 million in losses.
Fortunately, the project’s team managed to recover 70% of the stolen funds on the same day with the help of several blockchain security firms, which assisted the platform immediately after the incident.
The blockchain security firms that assisted the Transit Finance team in recovering the stolen funds include SlowMist, PeckShield, TokenPocket, and Bitrace.
Experts worked out the exploiter’s email, IP, and other connected on-chain addresses.
Cross-Bridge Hacks On The Rise
Cryptocurrency has seen immense growth in recent years. Mainstream adoption of virtual assets further led financial organizations to use digital money in their businesses.
However, although a large part of the finance sector has adopted the technology, much remains to be done to ensure safety and transparency in cryptocurrency use.
Notably, criminals have stolen around $2 billion worth of digital assets from cross-chain bridges in 2022, per an August report by blockchain research and security firm Chainalysis.
That amount represents 69% of the total stolen funds.
In the Transit Swap case, blockchain security firm SlowMist, one of the investigators of the incident, said in a statement that attackers found a loophole in Transit Swap’s smart contract code.
The vulnerability directly relates to the transferFrom() function, which enabled the exploiter to move users’ tokens into his own account.
The root cause of this attack is that the Transit Swap protocol does not strictly check the data passed in by the user during token swap, which leads to the issue of arbitrary external calls. The attacker exploited this arbitrary external call issue to steal the tokens approved by the user for Transit Swap.
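The pattern SlowMist describes, as an added Solidity sketch (not Transit Swap's code, which this page does not show): a router that forwards caller-supplied call data unchecked, beside a form that only forwards to allowlisted target and selector pairs. The contract name, function names and allowlist design are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical aggregator router, constructed for illustration only.
// Users grant this contract an ERC-20 allowance so it can pull their input tokens.
contract RouterSketch {
    address public immutable owner;
    // target => selector => allowed. Only vetted DEX entry points; never a token contract.
    mapping(address => mapping(bytes4 => bool)) public allowedCall;

    constructor() {
        owner = msg.sender;
    }

    function setAllowedCall(address target, bytes4 selector, bool ok) external {
        require(msg.sender == owner, "not owner");
        allowedCall[target][selector] = ok;
    }

    // Weak form: target and data come straight from the caller. The call runs with
    // the router as msg.sender, so if target is a token and data encodes transferFrom,
    // the token checks the allowance that some other user granted to the router.
    function swapUnchecked(address target, bytes calldata data) external {
        (bool ok, ) = target.call(data);
        require(ok, "call failed");
    }

    // Hardened form: the router pulls tokens only from msg.sender, and forwards
    // caller-supplied data only to an allowlisted (target, selector) pair.
    function swapChecked(address tokenIn, uint256 amountIn, address target, bytes calldata data) external {
        require(data.length >= 4, "calldata too short");
        require(allowedCall[target][bytes4(data[:4])], "call not allowlisted");
        require(IERC20(tokenIn).transferFrom(msg.sender, address(this), amountIn), "pull failed");
        (bool ok, ) = target.call(data);
        require(ok, "swap failed");
    }
}
```

A stricter design keeps user allowances on a separate contract that makes no caller-directed external calls at all, so a validation gap in the routing logic cannot reach approved funds.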
Transit Swap Struggles To Recover Remaining 30% Funds
Per the most recent announcement by Transit Swap, the team is currently working on identifying victim users who lost their funds so that the platform can issue a reimbursement plan.
Simultaneously, the group also seeks to recover the remaining 30% of its funds. And if the teams fail to recover the remaining funds, the company itself will pay them back to users.
Security firms and the company’s team continuously track the hacker’s activity. Security experts are also communicating with the attacker through email and on-chain methods.
So far, the exploiter has moved 2500 BNB to Ethereum mixer app Tornado Cash to cash out profits, per MisTrack. In addition, the security company revealed that he used LATOKEN and other services to circulate funds on several platforms to withdraw anonymously.
The latest hack is the second-biggest exploit after the Wintermute breach of September 20, which resulted in $160 million in losses. The company’s CEO, Evgeny Gaevoy, said that the hack was related to the DeFi wallets.