TransitSwap Gets Exploited, Loses up to $20 Million
A cross-chain trading venue aggregator, TransitSwap (which is supported on the behalf of TokenPocket), just got hacked. As a result of this incident, an amount of nearly $20 million has been lost by the platform. TokenPocket is considered among the biggest wallets present within the region of China.
Exploiter Attacked TransitSwap and Took away $20M
Slowmist, known as a tech company focused on the ecological security of the blockchains, studied the incident and expressed that TransitSwap had been negligent in this respect. As per Slowmist, the hacked venue did not show any strictness in checking the data offered by the consumer during the exchange of the tokens. This was the thing, according to Slowmist, which became the reason responsible for the issue related to arbitrary outside calls.
It added that the entity involved in the exploitation of the venue was enough conscious of targeting the issue of arbitrary outside calls. Thus, he did so and remained successful to carry out an attack. As a consequence of that, the exploiter stole out the tokens – which the consumers have authorized – by manipulating the above-mentioned problem. In this way, the venue witnessed huge damage.
While responding to the very event, TransitSwap shared a Twitter thread in which it elaborated on the exact occurrence of the incident. It noted that the team of TransitFinance carried out a proper review of the matter to check out what happened along with its reasons. Following this, it was established by them that an exploiter attacked the venue because a glitch was present within the code and the venue apologized for that.
TransitSwap Recovers Attacker’s IP and Other Addresses for the Recovery
While further describing the aftermath of the hack, TransitSwap disclosed that the teams of TransitFinance, TokenPocket_TP, Peckshield, Bitrace, and SlowMist worked collaboratively. That is how, in its words, they have gathered considerable valid information about the attack and the entity that was involved in doing that. At the moment, TransitSwap has valid information regarding the hacker (including the on-chain addresses, the email address, as well as the IP thereof).
After having access to that specific information, the venue assured to interact with the exploiter and attempt to recover the losses caused to the consumers. In the end, TransitSwap revealed that they will update their clients with additional details in the coming time with the hope that the issue gets resolved with the endeavours it takes.
