Transit Swap, a multi-chain Decentralized Exchange (DEX) Aggregators lost around $21 million after hackers exploited internal vulnerabilities in swap contracts. Following the disclosure, Transit Swap apologized to users while working to track down and recover the stolen funds.
“We are deeply sorry,” Transit Swap said, while revealing that a bug in the code allowed hackers to steal an estimated $21 million. Blockchain investigator Peckshield narrowed the attack down to compatibility issues or false trust in swap contracts.
— Transit Exchange | Transit Buy | NFT (@TransitFinance) October 2, 2022
Peckshield joined other investigators, including SlowMist, Bitrace and TokenPocket, to track down the hackers. Transit Swap Statement:
“We now have a lot of valid information, such as the hacker’s IP, email address, and related on-chain addresses. We will do our best to track down the hacker and try to communicate with the hacker to help everyone recover their losses.”
The flow chart below depicting the flow of stolen assets was shared by Peckshield.
The ongoing investigation has hinted that the hackers may have made earlier withdrawals from known exchanges. Transit Swap pledged to share more details with the community in due course, adding that “thank you for your understanding and trust.”
Transit Swap has not responded to Cointelegraph’s request for comment.
In return for updated security measures implemented on crypto businesses, hackers continue to refine their methods to defraud investors.
— PeckShield Inc. (@peckshield) September 27, 2022