Home DeFi I may get $100M if I attacked different chains: TransitSwap Hacker

I may get $100M if I attacked different chains: TransitSwap Hacker

by crpt os


Hacks have become increasingly common in the crypto-verse. While earlier exploits were limited to stealing funds, hackers these days have been on a roll to alert projects of their vulnerabilities. An array of compromised firms over the last couple of months have managed to retrieve funds, however, the uncertainty of being attacked remains. TransitSwap, a decentralized exchange aggregator was recently drained of about $23 million. While the platform managed to recover 70 percent of the funds, the hacker had a rather distressing message for the platform.

The hacker exploited an internal bug on a swap contract. However, the hacker was soon traced as his IP, email address, and associated-on chain addresses were garnered. Following the efforts of several “parties”, the hacker returned about $16.2 million.

It should be noted that funds were recovered in Ether, Binance-Peg ETH as well as Binance Coin [BNB]. 30 percent of the funds are still with the hacker. While it was brought to light that some of the stolen funds were moved to Tornado Cash, the hacker reportedly stated,

“I only exploited ETH and BSC. If I attack other chains, I can get $100m. I should get a higher bounty than what I get now. It’s hard not to suspect that this is your official backdoor.”

While the return of the funds came as a relief to the platform’s distressed users, the latest message caused chaos.

SlowMist breaks down Transit Swap’s recent attack

In a study of the issue, cybersecurity company SlowMist reported that the hacker had taken use of a vulnerability in the Transit Swap smart contract code that originated from the transfer from() function, effectively allowing users’ tokens to be sent straight to the exploiter’s address.

Elaborating on the same, the platform wrote,

“The root cause of this attack is that the Transit Swap protocol does not strictly check the data passed in by the user during token swap, which leads to the issue of arbitrary external calls. The attacker exploited this arbitrary external call issue to steal the tokens approved by the user for Transit Swap.”





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex