Cross-chain decentralized exchange aggregator Transit Finance appears to have been hacked, with losses estimated at around $1.88 million. The incident has drawn quick attention from on-chain security monitors and the wider crypto community today.
According to blockchain security firm PeckShield, suspicious activity was detected on the protocol, with reports indicating that a portion of the drained funds originated from the Tron network. Some tracing activity has also pointed toward connections with the HitBTC exchange.
Transit Finance functions as a multi-chain swap platform that aggregates liquidity from various decentralized exchanges and provides bridging services across different blockchains. Its main interfaces transit.finance and swap.transit.finance allow users to perform seamless cross-chain transactions in one place.
#PeckShieldAlert @TransitFinance seems to have been hacked for ~$1.88M
The stolen funds are currently sitting in the following address in $DAI: 0x8a634DfA2609358849D7D65FFA270C8A57a8abA5 pic.twitter.com/9RSQkgdfX6
— PeckShieldAlert (@PeckShieldAlert) May 13, 2026
Project’s On-Chain Response
The Transit Finance team has already sent an on-chain message to the attacker’s address, offering a bug bounty in exchange for the return of the funds. They provided a 48-hour window for a potential white-hat resolution.
The stolen funds are currently held in approximately 1.875 million DAI at the Ethereum address 0x8a634DfA2609358849D7D65FFA270C8A57a8abA5. As of Wednesday evening, the funds remain unmoved in this wallet. The exact root cause of the exploit has not yet been publicly disclosed by the project.
Community reactions have been swift, with several accounts advising users to immediately revoke token approvals related to Transit Finance as a safety precaution. Comments such as “another day, another DeFi incident” reflect the persistent security challenges in the space.The incident further highlights growing concerns around DeFi security, especially after the Ink Finance exploit on Polygon where attackers reportedly abused a treasury proxy whitelist flaw through a flash loan attack
Past Security Incidents
📢📢📢Updates about TransitFinance
1/5 We are here to update the latest news about TransitFinance Hacking Event. With the joint efforts of all parties, the hacker has returned about 70% of the stolen assets to the following two addresses:— Transit (@TransitFinance) October 2, 2022
This is not the first time Transit Finance has faced a major exploit. In October 2022, the project (then widely known as Transit Swap) suffered a significant hack that resulted in losses estimated between $21 million and $29 million. The attacker exploited a critical vulnerability in the project’s swap contract. Specifically, a composability issue allowed unauthorized arbitrary external calls, draining user-approved tokens across multiple chains. Security researchers quickly got involved and tracked the hacker’s on-chain movements. Following intense negotiations, the primary attacker returned approximately 70% of the stolen funds (around $18–19 million) within a few days.The current incident, while considerably smaller in scale, adds to ongoing concerns about smart contract security and approval mechanisms in cross-chain DeFi protocols.
Current Status and Advice
As this story develops, the stolen funds continue to sit in the attacker-controlled address. The Transit Finance team is believed to be conducting an internal investigation, though no detailed official statement has been released beyond the on-chain communication.
Users who have interacted with the Transit Finance platform are strongly recommended to:
- Check their wallet approvals
- Revoke any unnecessary permissions linked to the protocol
- Monitor transactions carefully in the coming days
Further updates are expected once the project shares more technical details about the exploit vector and any recovery progress. On-chain analysts and security researchers are actively monitoring the situation for any movement in the affected wallet.
