Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
According to official news, Transit Swap, a cross-chain trading platform aggregator supported by TokenPocket, was hacked. According to the analysis of SlowMist MistTrack, the stolen assets exceeded 28.9 million US dollars. The hacker's account address is 0x75f2aba6a44580d7be2c4e42885d4a1917bffd46. The largest attacker had returned 6,500 BNB (about $1.95 million) on October 10, and on October 13, the attackers returned 3,485 BNB (about $950,000). Attack method (per SlowMist): Unchecked Input Data. Reported loss: $ 28,900,000.
- chain
- —
- protocol
- Transit Swap
- bug_class
- unknown
- date_occurred
- 2022-10-02
- loss_usd
- $28,900,000
- source_id
- sm:transit-swap::2022-10-02