Transit Finance Hack 2026 — $2M Exploit Analysis

$1.8M in DAI drained from Transit Finance cross-chain swap aggregator; funds traced to a single Ethereum address by PeckShield. Repeat hack of same protocol (previously hit in Oct 2022 for $28.9M).

Details

Full Description

On May 13 2026, Transit Finance — a cross-chain swap aggregator — suffered its second major exploit, with $1.8M in DAI drained from the protocol. The exact attack vector has not been fully disclosed by the project team. PeckShield security researchers identified and traced the stolen $1.88M DAI to a single Ethereum wallet address. This is a repeat incident for Transit Finance, which was previously hacked in October 2022 for $28.9M in a token approval exploit. The recurrence suggests insufficient remediation of approval-based vulnerabilities following the 2022 incident.

Laundering Analysis

Stolen DAI remains in an identified Ethereum wallet address as of reporting date. PeckShield's on-chain tracing successfully identified the destination wallet, but no recovery or freezing action has been confirmed. The stolen funds have not been converted to ETH or moved through mixers as of last update.

Sources

Related Hacks

Back to Browse