Oct 03, 2022 Frank Stewskid
Blockchain security firms' joined efforts uncovered the identity of the TransitSwap exploiter
Blockchain security firms have been working hard over the weekend, helping TransitSwap reveal the identity of an attacker who made off with about $21 million after exploiting a bug in the platform’s code on Saturday, October 1.
The attack happened due to a “composability issue with or misplaced trust on the swap contract” of the platform according to PeckShield, which was one of the first to report on the incident. Later, other companies such as SlowMist, Bitrace, and TokenPocket joined efforts to trace the attacker’s identity. The security experts managed to find out the hacker’s alleged IP, email address, and other on-chain addresses previously used by them, as revealed by TransitSwap’s official Twitter profile.
— Transit Swap | Transit Buy | NFT (@TransitFinance) October 2, 2022
SlowMist further revealed that the exploiter was front-run by an arbitrage bot when transferring BUSD assets, and advised the bot’s owner to contact the TransitSwap team in an effort to minimize the platform’s losses.
Less than 24 hours after the attack, TransitSwap shared that the attacker has returned nearly 70% of the stolen assets on Ethereum and BNB Smart Chain. The funds are to be moved to new addresses on both networks for security reasons. As the efforts to mitigate the damage are still ongoing, the exchange urged the attacker to contact it via email or on-chain.
📢📢📢Updates about TransitFinance
— Transit Swap | Transit Buy | NFT (@TransitFinance) October 2, 2022
1/5 We are here to update the latest news about TransitFinance Hacking Event. With the joint efforts of all parties, the hacker has returned about 70% of the stolen assets to the following two addresses:
Today, PeckShield shared that the TransitSwap hacker has sent a message via a transaction on the BNB Smart Chain to the exploited exchange’s team. In it, the attacker claims that they could have gotten away with $100 million had they attacked other chains such as Fantom, Tron, and Polygon and believe they deserve a higher bounty, referencing the attacks on the Nomad Bridge and Wintermute. Furthermore, they shared suspicions about the TransitSwap team’s sincerity, expressing doubts that the exploited bug may have been an “official backdoor”.
