A hacker has returned about 70% of the $23 million stolen from the decentralized exchange (DEX) aggregator Transit Swap. According to the firm, the hacker returned $16.2 million of the exploited assets to two addresses.
As revealed by BscScan and Etherscan, the hacker repaid 50,000 BNB worth $14 million, 3,180 Ether worth about $4.2 million, and 1,500 Binance-Peg ETH worth $2 million. The repayment came within 24 hours of the exploit.
Transit Swap was exploited on October 1, losing about $23 million. The hacker leveraged an internal bug to carry out the attack. Notably, the attack highlights growing concerns about the vulnerability of DeFi platforms to cyber attacks.
Efforts of Transit Finance and other firms to reclaim the funds
Immediately after reports of the attack surfaced, the Transit Finance team began working to reclaim the stolen funds. A host of blockchain security firms offered support. These firms, namely PeckShield, Bitrace, TokenPocket, and SlowMist, tracked the hacker’s IP, email address and other on-chain addresses.
Despite the partial return, Transit Finance emphasized that it won’t give up on the remaining funds. The team also disclosed that it is collecting data on the hacker and working on recovering more of the funds. Currently, the collective efforts of the security firms and the team are aimed at contacting the hacker through email and on-chain networks.
Additionally, SlowMist added: “The root cause of this attack is that the Transit Swap protocol does not strictly check the data passed in by the user during token swap, which leads to the issue of arbitrary external calls. The attacker exploited this arbitrary external call issue to steal the tokens approved by the user for Transit Swap.”
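The missing check SlowMist describes can be modelled off-chain. The following Python sketch is an added example, not Transit Swap's code: the `Token`, `Pool` and `Router` classes and all account names are hypothetical, and the allowlist of (target, method) pairs is one assumed way to constrain caller-supplied swap data.

```python
# Toy model (constructed): every name here is hypothetical, not Transit Swap's code.
class Token:
    def __init__(self):
        self.balances, self.allowances = {}, {}  # allowances: (owner, spender) -> amount

    def approve(self, caller, spender, amount):
        self.allowances[(caller, spender)] = amount

    def transfer_from(self, caller, owner, to, amount):
        # `caller` plays the role of msg.sender: the spender using its allowance.
        if self.allowances.get((owner, caller), 0) < amount:
            raise PermissionError("allowance too low")
        if self.balances.get(owner, 0) < amount:
            raise PermissionError("balance too low")
        self.allowances[(owner, caller)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

class Pool:
    def swap(self, caller, amount):
        return f"swapped {amount}"

class Router:
    """Aggregator that holds user approvals and forwards a call described by swap data."""
    def __init__(self, allowed_calls=None):
        self.name = "router"
        self.allowed_calls = allowed_calls  # None models the missing check

    def execute(self, target, method, args):
        if self.allowed_calls is not None and (id(target), method) not in self.allowed_calls:
            raise ValueError("call target/method is not allowlisted")
        return getattr(target, method)(self.name, *args)

def user_balance_after_untrusted_call(validate):
    token, pool = Token(), Pool()
    token.balances["user"] = 100
    token.approve("user", "router", 100)  # user approves the router to spend
    router = Router({(id(pool), "swap")} if validate else None)
    assert router.execute(pool, "swap", (10,)) == "swapped 10"  # normal path still works
    try:
        # Caller-supplied data points the router at the token itself.
        router.execute(token, "transfer_from", ("user", "third_party", 100))
    except ValueError:
        pass  # hardened router refuses the call
    return token.balances["user"]

if __name__ == "__main__":
    print("without check:", user_balance_after_untrusted_call(False))
    print("with allowlist:", user_balance_after_untrusted_call(True))
```

Because the router is the approved spender, any call it forwards runs with the users' allowances, which is why the target and method must be constrained before the call is made.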
Increasing attacks on DeFi platforms
There are growing concerns about the vulnerability of decentralized finance to hacks. Within 2022 alone, DeFi platforms have lost about $2.3 billion to hacks. Blockchain analytics firm PeckShield disclosed that DeFi platforms have been attacked more than 135 times in 2022, excluding the recent one on Transit Swap.
The largest of these attacks was the one on Ronin Bridge, which took place around March 23. The attacker stole about $620 million worth of ETH and USDC. Undoubtedly, the crypto space is more united than ever in fighting hacks on DeFi platforms. These efforts played a prominent part in the recovery of the stolen funds from Transit Swap.