Hacker returns nearly $19 million stolen on Transit Swap DeFi platform

Transit Swap — a cryptocurrency platform that calls itself a “decentralized exchange” — said a hacker has returned most of nearly $30 million that was stolen over the weekend. 

As of Monday, Transit Swap said the total amount procured in the heist was $28.9 million, with just under $19 million returned to the platform. 

All of the refunds were provided by the same hacker. Transit Swap said it is still investigating the incident in an effort to recover all of the stolen user funds.

“We hope that other hackers who participated in this incident will return the users' assets as soon as possible to avoid escalating the situation,” the company said, although it was unclear if other perpetrators are suspected. 

A spokesperson for the company told The Record that several security companies are working with them to track the incident and communicate with a hacker through email and on-chain methods. They provided links to the hacker’s wallets.

“The project team is rushing to collect the specific data of the users and formulate a specific return plan,” the spokesperson said.

The company warned of fraudsters who may use the incident to steal more data or private keys to crypto wallets. 

In a message on Saturday night, the company explained that the hacker took advantage of a vulnerability in their code to kickstart the attack. 

They worked with blockchain security firms PeckShield and SlowMist to obtain the hacker's IP, email address, and more information, pledging to communicate with the hacker for a return of the stolen funds. 

The attack comes only a week and a half after cryptocurrency company Wintermute was robbed of coins worth $160 million. Nomad — which offers a bridging service between different blockchains — said hackers had stolen nearly $200 million worth of assets in August.

On the blockchain, several messages are attached to the stolen funds being transferred away from — and then back to — Transit. 

The hacker appeared to be angered by a bug bounty offer, which is effectively a ransom price for the disclosure of the vulnerability and the return of the stolen funds. 

“If I attack other chains like FTM, TRON, POLYGON, I believe I can get $100 million. With reference to past Nomad and Wintermute events, I should get a higher bounty than what I get now. It's hard not to suspect that this is your official backdoor, and you should be happy that the exploit was done by me and no one else,” the hacker said in one message shared by PeckShield.

In a message hours later, the hacker changed their tune, thanking Transit and pledging to be better about communicating with victims during the next hack. 

“Based on the principle of improving the code security of the web3 world, I spent a lot of time and energy to audit the code of the project and successfully exploit this vulnerability,” the hacker said. “In the future, I will conduct friendly communication in advance based on the principle of bug bounty. Thanks!”

PeckShield noted that in September alone, 17 cryptocurrency attacks led to $171.3 million losses.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.