Transit Swap Managed To Recover 70% Of Stolen Funds After Exploit

On Sunday, the multichain decentralized exchange aggregator Transit Swap suffered an exploit resulting in $23 million in losses. The project’s team managed to recover 70% of the stolen funds on the same day with the help of several blockchain security firms, which assisted the platform immediately after the incident.

The blockchain security firms that assisted the Transit Finance team in recovering the stolen funds include SlowMist, PeckShield, TokenPocket, and Bitrace. Experts worked out the exploiter’s email, IP, and other connected on-chain addresses.

The hackers returned funds to the project, sending 3,180 ETH, equating to $4.2 million, along with 50,000 BNB worth around $14.2 million and 1,500 Binance-peg ETH worth $2 million.

Cross-Bridge Hacks On The Rise

Cryptocurrency has seen immense growth in recent years. Mainstream adoption of virtual assets has led financial organizations to use digital money in their businesses. However, although a large part of the finance sector has adopted the technology, much remains to be done to ensure safety and transparency in cryptocurrency use.

Notably, around $2 billion worth of digital assets has been stolen by criminals from cross-chain bridges in 2022, per an August report by blockchain research and security firm Chainalysis. That amount represents 69% of the total stolen funds.

Blockchain security firm SlowMist, one of the investigators of the incident, said in a statement that the attackers found a loophole in Transit Swap’s smart contract code. The vulnerability relates directly to the transferFrom() function, which enabled the exploiter to swap users’ tokens into his account.

The root cause of this attack is that the Transit Swap protocol does not strictly check the data passed in by the user during token swap, which leads to the issue of arbitrary external calls. The attacker exploited this arbitrary external call issue to steal the tokens approved by the user for Transit Swap.
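The root cause described above, shown as a weak pattern beside a hardened one. This is an added illustration, not Transit Swap's code: the contract names, function signatures and allowlist design are hypothetical, and it assumes the swap venue pulls its input from the router and that the forwarded calldata names the recipient of the output.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Weak form: users have approved this contract to spend their tokens, and it
// forwards caller-chosen calldata to a caller-chosen address. Because the call
// originates from the approved spender, a forwarded token.transferFrom(...)
// passes the token's allowance check for any user who granted approval.
contract UncheckedRouter {
    function swap(address target, bytes calldata data) external {
        (bool ok, ) = target.call(data); // target and data are unvalidated
        require(ok, "call failed");
    }
}

// Hardened form: only allowlisted venues can be called, the transferFrom
// selector is never forwarded, and tokens are pulled only from msg.sender.
contract CheckedRouter {
    address public immutable owner;
    mapping(address => bool) public allowedTarget;

    constructor() { owner = msg.sender; }

    function setTarget(address target, bool allowed) external {
        require(msg.sender == owner, "not owner");
        allowedTarget[target] = allowed;
    }

    function swap(IERC20 tokenIn, uint256 amountIn, address target, bytes calldata data) external {
        require(allowedTarget[target], "target not allowlisted");
        require(target != address(tokenIn), "target is the token");
        require(data.length >= 4, "short calldata");
        require(bytes4(data[:4]) != IERC20.transferFrom.selector, "transferFrom blocked");

        // The source of funds is fixed to the caller, never read from calldata.
        require(tokenIn.transferFrom(msg.sender, address(this), amountIn), "pull failed");
        // Allowance to the venue is limited to the amount just pulled.
        require(tokenIn.approve(target, amountIn), "approve failed");

        (bool ok, ) = target.call(data);
        require(ok, "swap failed");
    }
}
```

A stricter design keeps user approvals on a separate contract that never makes external calls with user-supplied data, so the address holding allowances and the address executing swaps are not the same.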

Source : bitcoinist
