A hacker behind the recent Transit Swap exploit hinted at returning additional funds after the first stage of user refunds is completed, according to a blockchain message sent from one of the hacker’s addresses. The message comes just a few days after the hacker returned 70% of the stolen funds following the $28.9 million exploit.
Hackers Open to Cooperation if Transit Swap Makes 100% Refunds
A hacker behind the Transit Swap exploit is considering returning more funds to the decentralized exchange (DEX) once it completes the first phase of user refunds, according to the message on the blockchain sent from the hacker’s address.
Earlier this week, Transit Swap said it intends to return funds to its customers in two phases. In the first phase, the DEX will refund the assets that the hackers have recently returned, and give back the remaining funds in the second phase.
Transit Swap lost nearly $28.9 million in a recent exploit, more than 65% of which was later returned by the hackers. The funds were stolen after hackers discovered an internal flaw in Transit’s swap contract.
“After a selfeview by the TransitFinance team, it was confirmed that the incident was caused by a hacker attack due to a bug in the code. We are deeply sorry.”
Transit Swap said in a tweet.
Transit Swap teamed up with several security firms including SlowMist, PeckShield, and Bitrace, among others, and managed to find the hacker’s IP address. The efforts resulted in the hacker returning $18.9 million of the stolen funds.
On Monday, another hacker involved in the exploit said he intends to retain 30% of the stolen amount, to which Transit Swap responded with a counteroffer of 5%. Hacker then said they would be open to lowering the request from 30% to 10% if the DEX guarantees to make 100% refunds to users.
DeFi Plagued With Exploits
The Transit Swap exploit is one of the latest in a series of decentralized finance (DeFi) attacks in 2022. Last month, another group of hackers stole $160 million from the crypto asset algorithmic market maker Wintermute.
Just a week later, $950,000 worth of Ether was siphoned from a crypto wallet using the vanity address exploit. The hacker then mixed the funds using Tornado Cash, which was sanctioned by the U.S. Treasury Department earlier this year.
The number of attacks on DeFi has been on the rise since 2021, suggesting that this space has a long way to go in terms of security.
This article originally appeared on The Tokenist
Sponsored: Find a Qualified Financial Advisor
Finding a qualified financial advisor doesn’t have to be hard. SmartAsset’s free tool matches you with up to 3 fiduciary financial advisors in your area in 5 minutes. Each advisor has been vetted by SmartAsset and is held to a fiduciary standard to act in your best interests. If you’re ready to be matched with local advisors that can help you achieve your financial goals, get started now.