The decentralized cross-chain exchange Transit Swap has lost about $21 million in a hacker attack. The attacker exploited a bug in the service’s smart contract.
1/2 According to the analysis of data on chain, TransitSwap has been attacked by hackers. The technical team has urgently suspended the service, and the contract has been completely suspended, no operations can be performed.
— Transit Swap | Transit Buy | NFT (@TransitFinance) October 1, 2022
“According to on-chain data analysis, Transit Swap has been attacked by a hacker. The technical team urgently suspended the service and the smart contract; no operations on the platform can be performed,” the statement said.
The project team said that the hacker returned about 70% of the stolen funds. The attacker was asked to contact the developers.
📢📢📢Updates about TransitFinance
1/5 We are here to update the latest news about TransitFinance Hacking Event. With the joint efforts of all parties, the hacker has returned about 70% of the stolen assets to the following two addresses:— Transit Swap | Transit Buy | NFT (@TransitFinance) October 2, 2022
Later, Transit Swap explained that the attacker exploited a bug in the project’s codebase. According to PeckShield researchers, the exploit is linked to the smart contract responsible for swap operations.
🚨 🚨 🚨 It seems there is a composability issue with or misplaced trust on the swap contract of @TransitFinance that just results in the loss of >$15M. The stolen funds are located at: https://t.co/NRwWJncFpl pic.twitter.com/j8mgySbRRF
— PeckShield Inc. (@peckshield) October 1, 2022
Analysts estimated the value of the stolen assets at about $21 million.
Here comes the flow of stolen assets w/ the cost of ~$21M. @0xTransition Note the hacker may have performed earlier withdrawals from known exchanges. https://t.co/cZhQk2fotf pic.twitter.com/eGGFiD0LIW
— PeckShield Inc. (@peckshield) October 2, 2022
The developers noted that SlowMist and other security-focused blockchain-service providers were brought in to investigate the incident.
3/4 we now have a lot of valid information such as the hacker’s IP, email address, and associated on-chain addresses. We will try our best to track the hacker and try to communicate with the hacker and help everyone recover their losses.
— Transit Swap | Transit Buy | NFT (@TransitFinance) October 2, 2022
“We now have more verified information such as the hacker’s IP address, email address, and affiliated on-chain addresses. We will do our best to track the hacker, contact him, and help everyone recover their losses,” said Transit Swap.
Earlier in September 2022, market maker Wintermute lost assets worth $160 million in a hacker attack.
Follow ForkLog’s Bitcoin news on our Telegram — crypto news, prices and analysis.