Transit Swap, a multi-chain decentralized exchange (DEX) aggregator, lost roughly $21 million after a hacker exploited an internal bug on a swap contract. Following the revelation, Transit Swap issued an apology to the users while efforts to track down and recover the stolen funds are underway.
“We are deeply sorry,” stated Transit Swap while revealing that a bug in the code allowed a hacker to make away with an estimated $21 million. Blockchain investigator Peckshield narrowed down the attack to a compatibility issue or misplaced trust in the swap contract.
Peckshield, along with other investigators, including SlowMist, Bitrace and TokenPocket joined in on the pursuit to track down the hacker. Transit Swap stated:
“We now have a lot of valid information such as the hacker's IP, email address, and associated on-chain addresses. We will try our best to track the hacker and try to communicate with the hacker and help everyone recover their losses.”
The flowchart below depicts the flow of the stolen assets, as shared by Peckshield.
The ongoing investigation hinted that the hacker may have performed earlier withdrawals from known exchanges. Transit Swap has promised to share more details with the community in due time, adding that “Thank you for your understanding and trust.”
Reciprocating the updated security measures implemented by crypto businesses, hackers continue to evolve their methods to dupe investors.
Recently, a hacker used an Ethereum (ETH) arbitrage trading bot to exploit a “bad code” vulnerability for draining 1,101 ETH, which was around $1.41 million at the time of writing.