Hack Transit Finance: the hacker lets himself be softened and returns an additional $2.7 million

A hacker with a big heart – Hacks are the main scourge of the decentralized finance (DeFi). Fortunately, in some cases the protocols manage to reach an agreement with the hacker to return the funds. This is the happy ending that the Transit Finance protocol has just experienced.

$21 million stolen from Transit Finance

TransitFinance is a cross-chain decentralized finance protocol. This offers various products, including Transit Swap, its own DEX aggregator.

On October 1, the Transit Swap protocol found itself in the heart of turmoil after a attacker managed to steal the equivalent of 21 million dollars in the protocol pools.

In practice, a bug present in the code of one of the smart contracts allowed the attacker to siphon user wallets who had approved said smart contract.

Following initial investigations, the Transit Finance teams declared that they were on the trail of the hacker. Indeed, the latter held several pieces of information such as his IP, his email address as well as wallet addresses.

The day after the attack and after a few on-chain exchanges with the attacker, the teams managed to find an arrangement with the hacker. So this one had agreed to return 70% of the stolen funds. A total of $16.6 million had been returned and was to be redistributed to injured users.

>> To avoid smart contract hacks, there’s nothing like a Ledger key. Shipping costs are offered (commercial link) <<

New twist in the Transit Finance case

While for many this case would end there, it encountered an unexpected twist.

On October 10, the Transit Finance teams announced via a publication on their bloga full return of funds.

Indeed, a new deal was found with the hacker. Thus, he agreed to return an additional 10,000 BNB.

This return of funds will take place in two stages:

• A first transaction of 6,500 BNBhaving taken place on October 10;
• A second transaction of 3,500 BNBwhich will be carried out when the Transit Finance teams have carried out the second reimbursement phase.

“TransitFinance Official expresses its gratitude to the white hat for the refund and promises that if he returns the remaining 3,500 BNB as agreed, TransitFinance Official will no longer hold any legal liability to him. »

A situation that suits both parties. On the one hand, Transit Finance recovers the funds to reimburse its users. On the other, the hacker pockets a 2,500 BNB reward that is nearly $680,000.

Waiting for news from other hackers

Following the attack of our first hacker, other Internet users took advantage of the flaw before it was corrected.

Thus, Transit Finance has identified five more hackers. The amounts stolen are in comparison much lower.

Obviously, the Transit Finance teams are came into contact with these other hackers. Among them, 3 agreed to fully or partially reimburse the stolen funds. The protocol, however, remains without news of two attackers.

“At the same time, TransitFinance calls on hackers #3 and #6 to get in touch with protocol teams as soon as possible and refund users’ remaining assets. After October 12, 2022, the legal process will be officially launched for those who do not reimburse. »

Last week it was the turn of Token Hub Bridge of the BNB Chain from being the target of an attack. More than 500 million dollars have been stolen and the Binance teams embarked on a hacker hunt.

Weave between hacks and secure your assets by investing in a Ledger key, world leader in personal wallets. To preserve your purchasing power, the shipping costs are a gift (commercial link).