Transit Swap Hacker Sent Assets to Tornado Cash

The hacker who hacked the Transit Swap decentralized cross-chain exchange transferred part of the stolen funds to the Tornado Cash mixer and entered into correspondence with the project team.

On October 2, an unknown person withdrew approximately $21 million worth of assets from Transit Swap. Later, the exchange team reported that the hacker had returned 70% of the stolen funds and invited him to get in touch.

On October 3, the attacker reimbursed the platform another 2612 BNB (~$750,000) and sent a message signed to the transaction. At the same time, he made 40 transfers of 100 BNB to Tornado Cash.

He expressed doubts about the sincerity of the proposals of the Transit Swap developers and said that he should receive a big reward, referring to the incidents with Nomad and Wintermute. According to him, he hacked only the Ethereum and BNB Chain networks. In case of an attack on other chains like Fantom, Tron, Polygon, the production will reach $ 100 million, the hacker is sure.

“It’s hard not to suspect that this is your official backdoor, and you should be happy that I implemented the exploit, and not anyone else,” he commented on the vulnerability used in the code.

The developers refuted his words, assuring that the bug was not intentional.

They noted that the stolen funds belong to users and expressed hope for their return. The Transit Swap team also announced its readiness to increase the reward.

The hacker replied that he spent a lot of time auditing the project code and successfully exploited the vulnerability. He also stated his readiness to conduct a dialogue based on the principles of remuneration for the detected bug.

“We appreciate your response and refund, we consider your actions testing, not an attack. All these funds belong to the users, we hope that you will continue to return and sincerely invite you to start friendly communication about the bug bounty right now, thank you!”, the developers wrote

Recall that in May, the Wormhole project team paid $10 million to a white hacker who discovered a critical vulnerability in the protocol.