Transit Swap hacker returned 78% of the stolen $28.9 million but kept a few million in tips

Decentralized exchange (DEX) Transit Swap was compromised by an anonymous hacker who withdrew more than $28.9 million in cryptocurrencies in total. Interestingly, the villain soon recovered about 78% of the stolen funds ($24.1 million).

Affected users were left on the edge.

However, the affected users have not yet received a penny of the refund, as Transit Swap’s team is rushing to collect the specific data of the stolen users and formulate a particular return plan.

“Due to the large number of users and funds affected by the incident, the relevant hacked data will be publicized within two days, and the return plan will be improved. We will properly return the user assets as soon as possible. We sincerely appreciate all the users’ trust and patience,” Transit Finance said in its statement.

The project team also said the hack was successful because of a bug in the code and has already gathered a lot of reliable information about the perpetrator’s identity, such as the hacker’s IP address, email address, and related addresses on the chain. TransitSwap added that the cyber villain returned funds to six addresses.

Hacker used to return funds through the so-called mixer, Tornado Cash. It’s a decentralized protocol that allows transactions to be anonymized on the Ethereum network and several other blockchains. That means that it is impossible to trace the sender through it.

Binance said that the rapid return of assets was achieved thanks to reports from several blockchain security companies, Peckshield, SlowMist, Bitrace, and TokenPocket. But the attacker decided to pocket the remaining 30 percent of the cryptocurrency. Probably as a reward for discovering the vulnerability.

One of the biggest crypto thefts

In their message, the hacker hinted that they could have gotten $100 million. And they mentioned the big hacks: the Nomad bridge ($190 million stolen) and Wintermute ($160 million stolen). It is not clear if he was behind these events.

“I don’t believe you because you are not sincere. I only mine ETH and BSC chains. If I attack other chains like FTM, TRON, Polygon, I believe I can get $100 million. With that refer to the past events of Nomad and Wintermute, I will get a higher bounty than what I get now. It’s hard not to suspect that this is your official backdoor, and you should be glad the exploit was done by me and no one else,” said the cyber villain in a message quoted by Binance.

The market didn’t notice

According to Coinbase, despite such threats to take advantage of the weaknesses, the coin value and trading volume of Polygon (MATIC) and Fantom (FTM) grew over the last 24 hours — $0.79 or +2.38% and $0.22 or +0.54%, respectively. At the same time, TRON (TRX) indicators worsened: $0.0611 or -0.20%.