Hacker Pockets $677,000 and Free Pass to Settle TransitFinance Exploit
Smart Contract Bug Opened Up Swap Aggregator to $29M Hack
By: Tarang Khaitan •Byte
In a deal that demonstrates the mounting influence of bounties in crypto exploits, TransitFinance, a cross-chain swap aggregator, announced on Oct. 10 it had reached an agreement with a hacker behind the $29M exploit of the protocol last week.
Under the terms, the hacker, known as “White hack #1”, will immediately pay back 6,500 BNB ($1.8M), and 3,500 BNB when the team initiates their second round of refunds to its users.
White Hat Compensation
The hacker will be allowed to keep 2,500 BNB as a white hat compensation. TransitFinance, which is also known by its brand Transit Swap, agreed to not pursue legal action against the hacker if White hack #1 complies with the deal.
Last week, White hack #1 returned assets worth about $19M after cyber-security teams managed to gain their personal information namely: IP address, email address, and on-chain address.
The hack was made possible due to a bug in the smart contract. The total amount lost in the hack stood at $28.9M.
On Oct.6, the team managed to recover $246,000 with assistance from BlockSec. They have warned exploiters who have not returned funds to do so by Oct.12, or else they will face legal action.
On Oct.7, the team initiated the first round of refunds to users. Meanwhile, users whose private keys or mnemonics were leaked received an emailwith instructions on how to reclaim their funds.
Earlier this month, Binance Smart Chain had to be paused, due to a $560M bridge hack.