In brief ⚡
On the 21st of December 2023, Transit Finance was attacked on the BNB chain. The attack was possible because of a lack of validation on the swap path supplied by users. Around $110k was stolen by the attacker.
Hacks and Scams⚠️
Transit Finance
Amount of Loss: ~ $110k
Analysis
Transit Finance experienced a hack resulting in a $110,000 loss across Binance Smart Chain (BSC) and Ethereum (ETH) networks.
The attacker abused the input validation for pools, supplying a forged pool and a WBNB/BUSD pool path.
The exploiter received initial funding from Tornado Cash, a privacy-focused decentralized finance (DeFi) protocol.
Lack of validation on user-supplied swap paths allowed the attacker to manipulate the actualAmountIn, leading to unintended asset swaps and losses.
The attacker directed funds to a PancakePair created earlier, initially yielding no profit but obscuring the subsequent exploitation.
The attacker inflated their tokens' price, then removed liquidity from the PancakePair, hiding the illicit gains.
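A mitigation for the missing swap-path validation described above, as an added example that is not Transit Finance's code: a helper that rejects any caller-supplied pool the trusted factory does not recognise. The contract, error and function names are hypothetical, and it assumes Uniswap V2 / PancakeSwap V2 style pairs and factory (getPair, token0, token1).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Uniswap V2 / PancakeSwap V2 style interfaces (assumed pool type for this example).
interface IPairFactory {
    function getPair(address tokenA, address tokenB) external view returns (address);
}

interface IPair {
    function token0() external view returns (address);
    function token1() external view returns (address);
}

/// Hypothetical helper, not Transit Finance code: validates a caller-supplied
/// list of pools before a router moves any funds through it.
contract SwapPathValidator {
    IPairFactory public immutable trustedFactory;

    error EmptyPath();
    error UntrustedPool(uint256 hop, address pool);
    error BrokenPath(uint256 hop, address expectedToken);

    constructor(IPairFactory factory) {
        trustedFactory = factory;
    }

    /// Walks the path from tokenIn and returns the token the last hop pays out.
    /// Reverts if any pool is unknown to the trusted factory or the hops do not chain.
    function validatePath(address tokenIn, address[] calldata pools)
        external
        view
        returns (address tokenOut)
    {
        if (pools.length == 0) revert EmptyPath();
        tokenOut = tokenIn;
        for (uint256 i = 0; i < pools.length; i++) {
            address t0 = IPair(pools[i]).token0();
            address t1 = IPair(pools[i]).token1();
            // A forged pool can report any token pair it likes, but the factory maps
            // that pair to the genuine pool (or to address zero), so the lookup fails.
            if (trustedFactory.getPair(t0, t1) != pools[i]) revert UntrustedPool(i, pools[i]);
            // Each hop must accept the token produced by the previous hop.
            if (tokenOut == t0) tokenOut = t1;
            else if (tokenOut == t1) tokenOut = t0;
            else revert BrokenPath(i, tokenOut);
        }
    }
}
```

A router would run this check before pulling the user's tokens, so a forged pool never gets the chance to influence amounts such as actualAmountIn.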
Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖
Articles
Cracks in the Code: Understanding the Vulnerabilities of AMM Protocols
Liquidations in Decentralized Finance: A Comprehensive Review
Thanks for reading HashingBits! Share a summary of our newsletter on your social media platforms, tag us, and use the #AwareToEarn hashtag, and you could win 10 USDT as a reward! Help us build a safer Web3 ecosystem and have a chance to earn rewards and support our work.