Decentralized exchange aggregator Transit Swap lost $21 million to an exploit after a hacker took advantage of an internal fault in its swap contract.
The multi-chain DEX announced this on Twitter while also apologizing for the exploit. “After a self-review by the TransitFinance team, it was confirmed that the incident was caused by a hacker attack due to a bug in the code. We are deeply sorry,” it said.
At the time of the announcement, it added that efforts were already underway to recover the stolen funds and that it was working with the SlowMist, PeckShield, Bitrace, TransitFinance, and TokenPocket security and technical teams to do so.
The announcement also said that the teams had been able to obtain the hacker’s IP, email address, and associated on-chain addresses. Transit Swap also encouraged the hacker to get in touch to return the funds.
Hacker returned 70% of stolen funds
The effort appears successful: the latest update from Transit Finance confirmed that the hacker had returned 70% of the funds to two addresses. Efforts remain underway to recover the remainder.
Users have asked that Transit Swap cover the rest of the stolen funds if the hacker fails to return the remaining 30%. They claim this is only appropriate since the exploit was the DEX’s fault and would not have happened otherwise.
Hackers in full swing
Meanwhile, this exploit marks the third time in recent weeks that hackers have taken advantage of faulty code or bugs to exploit DeFi protocols and blockchain addresses.
A few days ago, an MEV bot that made over a million in one arbitrage trade lost $1.45 million within an hour after a hacker exploited bad code to approve a transfer.
With hackers getting more skilled at breaching blockchain protocols, the need for extensive security audits before deploying code has never been more important.