How a Prompt Response Reclaimed $16.2 Million in a DEX Exploit


The Heist: How It All Went Down

On October 1, a hacker hit the jackpot at Transit Swap, a decentralized exchange (DEX) aggregator. Exploiting an internal bug in the swap contract, they made off with a staggering $23 million. Talk about a bad day for the finance team! But hold your digital horses: thanks to a rapid response team, about 70% of those funds are headed back into the right pockets.

The Security Dream Team

In an unexpected plot twist, companies such as PeckShield, SlowMist, Bitrace, and TokenPocket jumped in to save the day. Within hours, they pieced together the hacker’s IP, email address, and even their sneaky on-chain addresses. It’s like Cybersecurity Avengers Assemble, but with less spandex and more crypto!

The Great Return

Just shy of 24 hours post-hack, the collective efforts bore fruit; the hacker returned roughly $16.2 million—approximately 70% of the loot! These funds came in various forms, including:

  • 3,180 Ether (ETH) valued at about $4.2 million
  • 1,500 Binance-Peg ETH worth $2 million
  • 50,000 BNB, ringing in at $14.2 million

Heartfelt gratitude flowed from Transit Finance, highlighting the power of teamwork (or maybe just a fear of getting caught).

What Comes Next?

Transit Finance isn’t hitting the brakes. They are laser-focused on retrieving the remaining 30% and have deployed a “return strategy.” The team remains in communication with the hacker through their preferred methods: email and on-chain messaging. That’s right, they’re basically sliding into their DMs!

Root Cause Analysis: What Went Wrong?

A deep dive into the incident by SlowMist revealed that the culprit exploited a flaw in Transit Swap’s smart contract code. Specifically, the vulnerability stemmed from the transferFrom() function. The protocol didn’t vet the data users submitted during token swaps, opening the door for bad actors to make a grand exit with users’ tokens.

“The root cause of this attack is that the Transit Swap protocol does not strictly check the data passed in by the user during token swap, leading to arbitrary external calls,” SlowMist explained. Who knew so much drama could come from a few lines of code?
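The missing check SlowMist describes, modeled as an added example (not Transit Swap's contract code or its fix): a Python screen that a router or a monitoring pipeline could run on user-supplied call data before it is forwarded. The allow-list, the addresses and the `12345678` selector are constructed assumptions; the three ERC-20 selectors are the standard ones.

```python
from dataclasses import dataclass

# Standard ERC-20 selectors: first 4 bytes of keccak256 of the signature.
TOKEN_MOVING_SELECTORS = {
    "23b872dd": "transferFrom(address,address,uint256)",
    "a9059cbb": "transfer(address,uint256)",
    "095ea7b3": "approve(address,uint256)",
}

@dataclass(frozen=True)
class SwapCall:
    caller: str      # account that submitted the swap
    target: str      # contract the router is asked to call
    calldata: bytes  # user-supplied call data

def check_swap_call(call: SwapCall, allowed_targets: set[str]) -> list[str]:
    """Return the reasons to reject a call; an empty list means it passes."""
    reasons = []
    if call.target.lower() not in {t.lower() for t in allowed_targets}:
        reasons.append("target not on allow-list")
    if len(call.calldata) < 4:
        reasons.append("calldata shorter than a selector")
        return reasons
    selector = call.calldata[:4].hex()
    name = TOKEN_MOVING_SELECTORS.get(selector)
    if name:
        reasons.append(f"token-moving selector {name}")
    if selector == "23b872dd" and len(call.calldata) >= 36:
        # First ABI word is the `from` address, right-aligned in 32 bytes.
        token_from = "0x" + call.calldata[16:36].hex()
        if token_from != call.caller.lower():
            reasons.append("transferFrom source is not the caller")
    return reasons

# Constructed sample data (placeholder addresses, not from the incident).
DEX, TOKEN = "0x" + "aa" * 20, "0x" + "cc" * 20
USER, OTHER = "0x" + "11" * 20, "0x" + "22" * 20
ALLOWED = {DEX}

def word(addr: str) -> bytes:
    """ABI-encode an address as one 32-byte word."""
    return bytes(12) + bytes.fromhex(addr[2:])

SAMPLES = {
    # "12345678" is a made-up selector standing in for a DEX swap function.
    "dex_swap": SwapCall(USER, DEX, bytes.fromhex("12345678") + bytes(64)),
    "token_call": SwapCall(USER, TOKEN, bytes.fromhex("23b872dd")
                           + word(OTHER) + word(USER) + (1000).to_bytes(32, "big")),
}
```

An empty result means the call may be forwarded; any reason in the list is grounds to reject it or raise an alert.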
