Decentralized exchange (DEX) aggregator Transit Swap lost $23 million in a hack, before $16.1 million was returned.
Another day, another decentralized finance (DeFi) hack. This time around, the target was Transit Swap, which confirmed on Sunday that a hacker had managed to exploit "a bug in the code."
Per the crypto security firm SlowMist, the "team analyzed and assessed the size of the stolen funds to be over $23 million."
Notably, an arbitrage bot seems to have front-run the hacker during a transfer. Arbitrage bots are computer programs that use market information to make trades. Meanwhile, a front-running bot can scan pending transactions in milliseconds and pay higher gas fees for miners to process their transactions first.
However, the DEX aggregator team said that, thanks to a number of security teams - naming SlowMist, PeckShield, Bitrace, and TokenPocket - Transit Swap quickly gathered information on the hacker.
They tweeted that,
"We now have a lot of valid information such as the hacker's IP, email address, and associated on-chain addresses. We will try our best to track the hacker and try to communicate with the hacker and help everyone recover their losses."
The team said that they would share more details on the incident "as soon as possible."
SlowMist, however, in their report wrote that the root cause of the attack is that the Transit Swap protocol "does not strictly check the data passed in by the user during token swap, which leads to the issue of arbitrary external calls," concluding that,
"The attacker exploited this arbitrary external call issue to steal the tokens approved by the user for Transit Swap."
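A simplified Python model of the issue SlowMist describes, added here as an illustration and not Transit Swap's contract code: a router that holds user approvals forwards a caller-chosen call, shown next to a version that checks the target and method against an allowlist first. All class, method and account names are constructed for the example.

```python
class Token:
    """ERC-20-style token model: balances plus (owner, spender) allowances."""
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = {}

    def approve(self, owner, spender, amount):
        self.allowance[(owner, spender)] = amount

    def transfer_from(self, caller, owner, to, amount):
        # Authorization depends only on who the immediate caller is.
        if self.allowance.get((owner, caller), 0) < amount:
            raise PermissionError("insufficient allowance")
        self.allowance[(owner, caller)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

class Pool:
    """Stand-in for a venue the router is meant to call."""
    def swap(self, caller, amount):
        return amount

class UncheckedRouter:
    name = "router"
    def swap(self, sender, target, method, args):
        # Caller-supplied target, method and args run with the router's identity.
        return getattr(target, method)(self.name, *args)

class CheckedRouter(UncheckedRouter):
    def __init__(self, allowed):
        self.allowed = set(allowed)          # {(target object, method name)}

    def swap(self, sender, target, method, args):
        # Reject any call that is not an explicitly allowlisted venue method.
        if (target, method) not in self.allowed:
            raise PermissionError("call target/method not allowlisted")
        return super().swap(sender, target, method, args)

def balance_after_third_party_call(router_factory):
    """Alice approves the router; return her balance after another account's call."""
    token, pool = Token({"alice": 100}), Pool()
    router = router_factory(pool)
    token.approve("alice", router.name, 100)
    try:
        # Another account passes the token itself as the external call target.
        router.swap("other", token, "transfer_from", ("alice", "other", 100))
    except PermissionError:
        pass
    return token.balances["alice"]
```

With the unchecked router the approval alone is enough for any caller to move Alice's tokens; the allowlisted router rejects the same call while still forwarding calls to the pool.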
Just hours after the incident was confirmed by Transit Swap, they announced that, "with the joint