Transit Swap, a multichain decentralized exchange aggregator, lost roughly $21 million after a hacker exploited an internal bug on a swap contract. Following the revelation, Transit Swap issued an apology to users with efforts to track down and recover the stolen funds currently underway.
“We are deeply sorry,” stated Transit Swap while revealing that a bug in the code allowed a hacker to make away with an estimated $21 million. Blockchain security firm PeckShield narrowed down the attack to a compatibility issue or misplaced trust in the swap contract.
— Transit Swap | Transit Buy | NFT (@TransitFinance) October 2, 2022
Peckshield, along with other investigators, including SlowMist, Bitrace and TokenPocket joined in on the pursuit to track down the hacker. Transit Swap stated:
“We now have a lot of valid information such as the hacker’s IP, email address, and associated on-chain addresses. We will try our best to track the hacker and try to communicate with the hacker and help everyone recover their losses.”
The flowchart below depicts the flow of the stolen assets, as shared by PeckShield.
The ongoing investigation hinted that the hacker may have performed earlier withdrawals from known exchanges. Transit Swap has promised to share more details with the community in due time, adding, “Thank you for your understanding and trust.”
Transit Swap has not yet responded to Cointelegraph’s request for comment.
Related: Amber Group uses simple hardware to show just how fast, easy the Wintermute hack was
Reciprocating the updated security measures implemented by crypto businesses, hackers continue to evolve their methods to dupe investors.
#MEV A very profitable MEV bot, internally named as 0xbad, was somehow tricked/hacked with 1,101 ETH loss (~$1.45M) in the following tx: https://t.co/FxXSY8AyhX
— PeckShield Inc. (@peckshield) September 27, 2022
Recently, a hacker used an Ether (ETH) arbitrage trading bot to exploit a “bad code” vulnerability, draining 1,101 ETH, which was around $1.41 million at the time of writing.