Transit Finance's cross-chain swap aggregator was exploited for $1.8M via a vulnerability in its swap routing logic.
Transit Finance, a multi-chain swap and bridge aggregator, was exploited in May 2026 through a vulnerability in its cross-chain swap routing logic. The attacker manipulated swap parameters to receive tokens on the destination chain without providing equivalent value on the source chain. The exploit affected multiple chains including Ethereum, BNB Chain, and Arbitrum, with total losses estimated at $1.8 million. Transit Finance paused its swap functionality and engaged security auditors.
Stolen tokens across Ethereum, BNB Chain, and Arbitrum were consolidated and swapped into ETH and BNB via 1inch and PancakeSwap. A portion was bridged to Bitcoin through THORChain. No mixer usage confirmed. Transit Finance is working with chain analytics firms to trace funds. No recovery reported.