Transit Swap hacked for $21 million, hacker returns large portion

Transit Swap is a multi-chain decentralized exchange aggregator. Users of the project were collectively exploited for approximately $21 million when an attacker took advantage of a bug in the project's smart contract that allowed arbitrary external calls. The attacker used this vulnerability to steal tokens that Transit Swap users had approved for swapping. Amusingly, the hacker lost about $1 million of their ill-gotten funds to an MEV bot that successfully front-ran the swap.

Multiple cryptocurrency security companies collaborated to investigate the hack shortly after it occurred. Transit Swap announced that "through the joint efforts of the SlowMist security team, the Bitrace security team, the PeckShield security team, the TokenPocket team and the TransitFinance technical team, we now have a lot of valid information such as hacker's IP, email address, and associated on-chain addresses." They subsequently announced that the attacker had returned around 70% of the stolen funds ($14–$15 million).