On Sunday, the multi-chain decentralized exchange aggregator Transit Swap suffered an operation that resulted in losses of 23 million dollars. But fortunately, the project team succeeded recover 70% of the funds stolen on the same day with the help of various blockchain security companies, which facilitated the platform immediately after the incident.
Blockchain security companies that helped the Transit Finance team recover the stolen funds include SlowMist, Peckshield, TokenPocket and Bitrace. The experts worked out the email, IP and other addresses connected to the exploit chain.
Related reading: Coinbase, BlockFi see biggest layoffs in crypto sector, study shows
The hackers returned the project’s funds by sending 3,180 ETH, which is equivalent to $4.2 million. And 50,000 BNB coins worth about $14.2 million between 1,500 ETH from Binance-peg $2 million.
Cross bridge cheats on the rise
Cryptocurrency has seen immense growth in recent years. The widespread adoption of virtual assets further led financial organizations to use digital money in their businesses. However, while a large part of the financial sector has embraced the technology, there is still a lot to be done to ensure safety and transparency in the use of cryptocurrency.
In particular, about $2 billion in digital assets have been wiped out by cross-border bridge criminals by 2022, according to the blockchain research and security firm’s August report. Chain analysis. The percentage represents 69% of the total stolen funds.
However, a blockchain security company SlowMist, one of the investigators of the incident, has discovered in a statement that the attackers found a loophole in the Transit Swap smart contract code. The vulnerability is even directly related to the transferFrom() function that allowed the exploiter to exchange the user’s tokens to their account.
The main cause of this attack is that the Transit Swap protocol does not strictly verify the data passed by the user during token exchange, which leads to the problem of arbitrary external calls. The attacker exploited this arbitrary external call issue to steal user-approved tokens for traffic exchange.
The traffic exchange is fighting to recover the remaining 30% of the funds
According to Transit Swap’s most recent announcement, the team is currently working to identify victim users who lost their funds so that the platform can issue a refund plan. At the same time, the group is also looking to recover the remaining 30% of its funds. And if the teams fail to recover the remaining funds, the company itself will return them to users.
Security companies and the company’s team continuously monitor the activity of the hacker. Security experts also communicate with the attacker via email and chain methods. So far, the miner has moved 2500 BNB to the Ethereum mixing app Tornado Cash to collect profits, according to MisTrack. In addition, the security company revealed that it used LATOKEN and other services to circulate funds on various platforms to withdraw anonymously.
Related reading: West African country Ghana set to become next crypto leader
The latest hack ranks as the second largest exploit after the Breach Wintermute of September 20, with losses of 160 million dollars. The company’s CEO, Evgeny Gaevoy, said the hack was related to DeFi wallets.
Featured image from Pixabay and chart from TradingView.com
