Transit Swap, a multi-chain decentralized exchange (DEX) aggregator, lost approximately $21 million after a hacker exploited an internal bug in an exchange contract. Following the revelation, Transit Swap apologized to users while efforts are underway to locate and recover the stolen funds.
“We are deeply sorry,” Transit Swap said as it revealed that a bug in the code allowed a hacker to steal about $21 million. Blockchain researcher Peckshield narrowed the attack down to a compatibility issue or misplaced trust in the exchange contract.
Peckshield, along with other researchers including SlowMist, Bitrace and TokenPocket, joined the search to track down the hacker. Transit Swap said:
“We now have a lot of valid information such as the hacker’s IP, email address and associated chain addresses. We will do our best to track down the hacker and try to communicate with the hacker and help everyone to recoup their losses.”
The flowchart below shows the flow of the stolen assets, as shared by Peckshield.
The ongoing investigation hinted that the hacker may have made previous withdrawals from known exchanges. Transit Swap has promised to share more details with the community in due course, adding, “Thank you for your understanding and trust.”
Transit Swap has not yet responded to Cointelegraph’s request for comment.
Despite the updated security measures implemented by crypto companies, hackers continue to evolve their methods to deceive investors.
#MEV A very profitable MEV bot, internally named as 0xbad, was somehow cheated/hacked with a loss of 1101 ETH (~$1.45M) on the following tx: https://t.co/FxXSY8AyhX
— PeckShield Inc. (@peckshield) September 27, 2022
Recently, an Ethereum (ETH) arbitrage trading bot was hacked: the attacker exploited a “bad code” vulnerability to drain 1,101 ETH, which was about $1.41 million at the time of writing.