Popular decentralized exchange (DEX) aggregator Transit Finance has reached an agreement with white hat #1, the biggest hacker, for the refund of users’ funds. The protocol announced the development in its Monday blog post. According to Transit Finance, the hacker agreed to return 6,500 BNB from the stolen funds today.
Moreover, the protocol said the hacker also agreed to refund another 3,500 BNB when TransitFinance Official initiates the second phase of refunds. As revealed, Transit Finance also agreed that the hacker keeps 2,500 BNB as a bounty for this event.
The genesis of the exploitation of Transit Finance
Recall that Transit Finance suffered the exploit on its network on October 1. The attack, as reported, led to the loss of about $23 million. The exploiter capitalized on an internal bug to carry out the attack. Notably, the attack highlights increasing concerns about the vulnerability of DeFi platforms to cyber attacks.
Shortly after news of the exploit broke, the Transit Finance team set out to reclaim the stolen funds. Numerous blockchain security firms volunteered to help Transit Finance recover the funds. These firms, namely Peckshield, Bitrace, TokenPocket, and SlowMist, tracked the hacker’s IP, email address and associated on-chain addresses.
According to SlowMist, “the root cause of this attack is that the Transit Swap protocol does not strictly check the data passed in by the user during token swap, which leads to the issue of arbitrary external calls. The attacker exploited this arbitrary external call issue to steal the tokens approved by the user for Transit Swap.”
The refunds of 70% of the stolen funds
Notably, the efforts by the Transit Finance team paid off when white hat #1 first returned about 70% of the funds. This refund came barely 24 hours after the exploit. As announced, the hacker returned $16.2 million of the stolen assets to two addresses. Moreover, BscScan and EtherScan confirmed the refund. According to BscScan, the hacker repaid 50,000 BNB worth $14 million, 3,180 Ether worth about $4.2 million, and 1,500 Binance-Peg ETH, which is $2 million.
After this development, the Transit Finance team reiterated its commitment to recovering the remaining funds. Now, after a friendly communication with the hacker, both parties have reached a consensus on the return of the remaining funds and the bounty attached. Notably, the team expressed its gratitude to white hat #1 for the refund. Moreover, it promised not to hold the hacker accountable if he refunds the remaining 3,500 BNB as agreed.