Ethereum, Binance Smart Chain
Does not strictly check the data passed in by the user during token swap, which leads to the issue of arbitrary external calls.
https://twitter.com/TransitFinance/status/1576331732349222912 https://medium.com/@slowmist/cross-chain-dex-aggregator-transit-swap-hacked-analysis-74ba39c22020 https://twitter.com/TransitFinance/status/1576463550557483008 https://twitter.com/BeosinAlert/status/1576458893206908929 https://medium.com/@TransitSwap/updates-about-transitfinance-317f4fe67931
Days in Operation:
100 pts each
Transit Swap integrates the most popular DEXs of public chains, selects and combines their advantages intelligently to provide better depth for your transactions and return more target tokens. Transit Swap reported that it has been attacked by hackers.
The hacker has transferred 2,500 BNB to Tornado Cash, and the remaining funds are kept in the hacker’s addresses. The root cause of this attack is that the Transit Swap protocol does not strictly check the data passed in by the user during token swap, which leads to the issue of arbitrary external calls. The attacker exploited this arbitrary external call issue to steal the tokens approved by the user for Transit Swap.
Then it got more interesting. According to SlowMist, Transit Swap hacker was then front-run by an arbitrage bot when he transferred BUSD assets from the user on the BSC chain, block height 21816885, and made a profit of 1.07 million $BUSD.
With the joint efforts of all parties with threats of doxing with IP and email, the hacker has returned about 70% of the stolen assets to the following two addresses:
BNB Smart Chain: 0xfab745c5ee6c59c09605a40464232930892ba48c
All together 4 exploiters were involved (separately). The original exploiter has agreed to return 10,000 BNB and retain 2500 BNB as bounty. No action on remaining exploiters.
Hacker#3 (Hacker-imitator) - $23,758
Hacker#6 (Hacker-imitator) - 640 ETH
DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose.
Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.