Cyber Incident Victim: Transit Finance

Date: Oct 2022

Location: United States of America

Summary

A decentralized exchange platform suffered a security breach in which attackers exploited a code vulnerability, resulting in the theft of approximately $28.9 million in cryptocurrency. The primary hacker returned nearly $19 million of the stolen funds after on-chain negotiations, citing dissatisfaction with the initial bug bounty terms but later expressing intent to improve communication in future exploits. Security firms assisting the platform identified the perpetrator’s IP address and email address while tracking transactions across multiple blockchains. The incident prompted warnings about secondary scams targeting users’ private keys, and recovery efforts continued for outstanding assets. The hacker claimed the exploit was intended to highlight security flaws, referencing larger recent breaches in decentralized finance ecosystems.

Description

On or around October 1, 2022, Transit Swap—a decentralized exchange platform—experienced a security breach resulting in the theft of approximately $28.9 million in cryptocurrency. The attacker exploited a vulnerability in the platform’s code to initiate the attack, which was detected shortly after its occurrence. Transit Swap engaged blockchain security firms PeckShield and SlowMist to investigate the incident, leading to the identification of the hacker’s IP address, email address, and associated wallet addresses. By October 2, the hacker had returned $19 million of the stolen funds to Transit Swap, marking the sole refund transaction at that stage. The platform publicly disclosed the breach, urging other potential perpetrators involved in the incident to return remaining assets to avoid escalation. Transit Swap warned users about fraudsters attempting to exploit the incident through phishing attempts targeting wallet private keys or sensitive data.

Transit Swap’s team collaborated with multiple security companies to trace the incident and communicate with the hacker via email and on-chain messages. The hacker initially criticized Transit Swap’s bug bounty offer as insufficient, comparing it to higher rewards from prior incidents like the Nomad and Wintermute breaches, and implied the vulnerability resembled an intentional backdoor. However, the hacker later acknowledged Transit Swap’s efforts, pledged to improve communication in future exploits, and framed their actions as contributing to web3 security. Transit Swap prioritized compiling user-specific loss data to develop a restitution plan while continuing recovery efforts for outstanding funds. The incident occurred amid a series of high-profile cryptocurrency thefts, including Wintermute’s $160 million loss and Nomad’s $200 million breach, though no direct operational links between these events were confirmed. As of October 2, Transit Swap’s investigation remained ongoing, with no further recovery updates disclosed in the available source material.
