Transit Swap ‘hacker’ returns 70% of $23M in stolen funds

CoinTelegraph October 3, 2022
Updated 2022/10/03 at 6:46 AM
4 Min Read

A quick response from a number of blockchain security companies has helped facilitate the return of around 70% of the $23 million exploit of decentralized exchange [1](DEX) aggregator Transit Swap.

The DEX aggregator lost the funds after a hacker exploited an internal bug on a swap contract[2] on Oct. 1, leading to a quick response from Transit Finance team along with security companies Peckshield, SlowMist, Bitrace and TokenPocket, who were able to quickly work out the hacker’s IP, email address and associated-on chain addresses.

It appears these efforts have already born fruit, as less than 24 hours after the hack, Transit Finance noted that “with joint efforts of all parties” the hacker has returned 70% of the stolen assets to two addresses, equating to roughly $16.2 million.

These funds came in the form of 3,180 Ether (ETH[3]) ($4.2 million), 1,500 Binance-Peg ETH and ($2 million) and 50,000 BNB[4] ($14.2 million), according to BscScan[5] and EtherScan[6].

In the most recent update, Transit Finance stated that “the project team is rushing to collect the specific data of the stolen users and formulate a specific return plan” but also remains focused on retrieving the final 30% of stolen funds.

At present, the security companies and project teams of all parties are still continuing to track the hacking incident and communicate with the hacker through email and on-chain methods. The team will continue to work hard to recover more assets,” it said.

Related: $160M stolen from crypto market maker Wintermute[8]

Cybersecurity firm SlowMist in an analysis[9] of the incident noted that the hacker used a vulnerability in Transit Swap’s smart contract code[10], which came directly from the transferFrom() function, which essentially allowed users’ tokens to be transferred directly to the exploiter’s address.

“The root cause of this attack is that the Transit Swap protocol does not strictly check the data passed in by the user during token swap, which leads to the issue of arbitrary external calls. The attacker exploited this arbitrary external call issue to steal the tokens approved by the user for Transit Swap.”


  1. ^ $23 million exploit of decentralized exchange (
  2. ^ internal bug on a swap contract (
  3. ^ ETH (
  4. ^ BNB (
  5. ^ BscScan (
  6. ^ EtherScan (
  7. ^ October 2, 2022 (
  8. ^ $160M stolen from crypto market maker Wintermute (
  9. ^ analysis (
  10. ^ used a vulnerability in Transit Swap’s smart contract code (


This article was first published on

Share this Article