New week, new attack – The decentralized finance ecosystem is a constant target of computer attacks. Every week, hackers find vulnerabilities that let them steal millions of dollars from users. Whether on Ethereum or on other EVM-compatible chains, no blockchain is spared.
$21 million stolen from Transit Swap
Transit Swap is a cross-chain decentralized exchange aggregator. The protocol integrates the most popular DEXs across multiple blockchains, which in practice lets it route each swap to the most profitable platform and chain.
Unfortunately, on Saturday October 1, PeckShield's teams alerted the community that an attack had been detected. At the time of the announcement, the amount stolen was estimated at $15 million. This figure was later revised upward to a total loss of $21 million.
“It would appear that a composability or misplaced trust issue has been detected in TransitFinance’s swap contract. This resulted in the loss of >$15M.”
Two hours after PeckShield’s announcement, Transit Swap teams paused the contract to protect remaining funds and conduct the investigation.
It quickly emerged that the attack had been made possible by a bug in the code. As our colleagues at Rekt report, the attacker was able to siphon the wallets of users who had approved the Transit Swap swap contract.
“Although the vulnerability was in the project’s code, this attack directly targeted users via a vulnerability in the use of the transferFrom() function. All tokens approved on Transit Swap could be directly transferred from users’ wallets to the hacker’s address.”
In practice, the attacker carried out the attack on the Ethereum and BNB Chain blockchains. If you have used the Transit Swap protocol, it is imperative to revoke your approvals, for example with the Revoke.cash tool.
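To illustrate the "misplaced trust" pattern described above, here is an added example written for this article; it is not Transit Swap's actual code, and the contract and function names are hypothetical. A router that pulls tokens from a caller-supplied `from` address lets anyone spend an approval that a user granted to the router; the hardened version only ever pulls from `msg.sender`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Vulnerable pattern (hypothetical, not Transit Swap's code).
/// Every user who called approve(router, amount) on a token is exposed:
/// a third party can pass that user's address as `from` and move the tokens.
contract VulnerableRouter {
    function swap(address token, address from, address to, uint256 amount) external {
        // Misplaced trust: `from` comes from calldata, not from the caller.
        require(IERC20(token).transferFrom(from, to, amount), "transferFrom failed");
        // ... route `amount` through a DEX and send the proceeds to `to` ...
    }
}

/// Hardened version: an approval granted to this router can only be spent
/// by a transaction sent from the approving address itself.
contract HardenedRouter {
    function swap(address token, address to, uint256 amount) external {
        // Pull only from msg.sender, into the router, then route from there.
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        // ... route `amount` through a DEX and send the proceeds to `to` ...
    }
}
```

For users, the practical defence is the one the article gives: an unlimited approval to a contract is a standing authorisation, so revoke approvals you no longer need.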
70% of funds returned
Subsequently, the Transit Swap teams, supported by those of SlowMist, Bitrace, PeckShield and TokenPocket, undertook an investigation to find the trace of the attacker.
A lot of information, such as IP addresses, email addresses and wallet addresses, was quickly identified. At the same time, Transit Swap opened communication with the hacker via on-chain transactions. Unsurprisingly, the team asked the hacker to return the funds in exchange for a reward.
“As part of the project, we are willing to give out additional bug discovery bounties, and hope to have more friendly and specific communication with you.”
The hacker answered this message, showing a willingness to negotiate.
“Based on the principle of improving the security of the code of the web3.0 world, I spent a lot of time and energy to audit the code of the project, and successfully exploited this vulnerability. In the future, I will conduct friendly communication in advance, according to the principle of bug bounty. Thanks!”
Subsequently, the hacker carried out several transactions on the BNB Chain and Ethereum, returning:
- 1,499 WETH and 37,000 BNB on the BNB Chain;
- 3,180 ETH on Ethereum.
In total, the attacker returned $16.6 million in cryptocurrency, about 70% of what was stolen.
The Transit Finance teams must now return the recovered funds to the users harmed by the attack.
“With regard to the return of user losses:
1. The project team is scrambling to collect specific stolen user data and formulate a return plan.
2. The team will continue to recover the rest of the assets stolen by the hacker and return them to lost users.”
Unfortunately, not all hack stories end that way. For instance, $160 million was stolen from Wintermute without the platform being able to reach an agreement with the hacker.