Transit Swap, a multichain decentralized exchange aggregator, was exploited on Sunday, likely to result in a $23 million loss. However, with assistance from several blockchain security firms, the project's team could retrieve 70% of the funds stolen within the same day.
SlowMist, Peckshield, TokenPocket, and Bitrace were among the blockchain security firms that assisted the Transit Finance team in restoring stolen funds. Experts determined the exploiter's email address, IP address, and other on-chain addresses.
Hackers restored the project's funds, totaling $4.2 million, by sending 3,180 ETHs. 50,000 BNB coins worth approximately $14.2 million and 1,500 Binance-pegged ETHs worth $2 million.
Cross-Bridge Hacking Is Increasing
In recent years, cryptocurrency has experienced tremendous growth. The widespread acceptance of virtual assets prompted financial institutions to use digital money in their operations. Although a large portion of the financial sector has embraced the technology, much remains to be done to guarantee the security and transparency of cryptocurrency use.
Notably, criminals wiped out around $2 billion in digital assets from cross-border bridges in 2022, according to a report released in August by blockchain research and security firm Chainalysis. This percentage accounts for 69% of all stolen funds.
Nonetheless, SlowMist, a blockchain security firm that was one of the incident's investigators revealed in a statement that hackers discovered a loophole in Transit Swap's smart contract code. Even the vulnerability is directly related to the transferFrom () function, which allowed the exploiter to swap the user's account tokens.
Recouping the remaining 30% of its funds
According to the most recent Transit Swap announcement, the team is currently focusing on recognizing victim users who have lost their funds for the platform to issue a repayment plan. At the same time, the group is attempting to recover the remaining 30% of its funds. The company will reimburse users if the teams cannot retrieve the remaining cash.
Security firms and the company's team constantly monitor the hacker's activity. Security experts are also interacting with the attacker via email and on-chain techniques. According to MisTrack, the exploiter has transferred 2500 BNB to the Ethereum mixer app Tornado Cash to cash out profits.
Furthermore, the security firm disclosed that he used LATOKEN and other offerings to disperse funds on various platforms to withdraw anonymously.
The latest hack is the second largest hacking after the Wintermute breach on September 20, which resulted in $160 million in losses. The company's CEO, Evgeny Gaevoy, stated that the hack was linked to the DeFi wallets.
How do you think the transit system can improve its security to prevent exploits in the future? Let us know your comments by sharing this article on social media.