A hacker this morning returned 70% of the $23 million that was stolen from the decentralized exchange (DEX) Transit Swap on Saturday.
The cross-chain DEX yesterday revealed that the hacker took advantage of a bug in its code, which the company identified in a self-review.
"After a self-review by the Transit Finance team, it was confirmed that the incident was caused by a hacker attack due to a bug in the code. We are deeply sorry," tweeted Transit Swap.
Transit Finance is the name of the larger crypto project, of which Transit Swap is one product. The project also has an NFT marketplace.
— Transit Swap | Transit Buy | NFT (@TransitFinance) October 2, 2022
It also appears that the hacker left behind a considerable trail, with Transit Swap saying it had identified the hacker’s IP, email address, and associated on-chain addresses with the help of crypto security companies SlowMist, Bitrace, PeckShield, TokenPocket, and TransitFinance.
The hacker had reportedly transferred 2,500 Binance Coin (BNB), or $710,000 at today’s prices, to Tornado Cash, the beleaguered cryptocurrency “tumbler” at the center of a legal battle between crypto investors, Coinbase and the U.S. Treasury.
The Transit Swap team said in a Medium post announcing the attack that the hacker had been depositing and withdrawing funds from crypto exchange LATOKEN, among other platforms.
Transit Swap earlier tweeted it was working with users to formulate a return plan for the stolen funds.
Crypto hacks on the rise
The hack followed the massive $160 million stolen from algorithmic market maker Wintermute two weeks ago, with crypto analysis firm Chainalysis reporting $1.9 billion worth of hacks for the period ending in July, an increase of almost 60% over last year’s numbers.
But the crown for this year’s most high-profile hack, so far, goes to the $622 million taken from blockchain game Axie Infinity in March, which saw more than 173,000 WETH siphoned off.
Still, crypto crime in the form of scams was down 15% for the year, according to Chainalysis, compared to the 36% decrease in legitimate transactions following the crypto crash earlier this year.
The firm said that a combination of declining token prices and the lack of new, unsuspecting crypto users might have made scams less enticing to carry out.