59 minutes ago
15
Transit Finance, a cross-chain swap aggregator that routes trades across more than a dozen blockchain networks, appears to have been exploited for $1.8 million in DAI stablecoins, according to blockchain security firm PeckShield.
The firm flagged the breach on Wednesday and identified a single Ethereum address currently holding the stolen funds.
The report follows a devastating month for DeFi, where exploits and hacks have collectively siphoned more than $600 million from protocols.
April’s DeFi losses were dominated by two major exploits. Kelp DAO, a liquid restaking protocol, was drained of $293 million on April 19, and Drift Protocol, a Solana-based perpetuals exchange, lost $280 million on April 1. Those two incidents made up almost the entire monthly total, with full-year 2026 DeFi hacking losses now projected to reach $2.3 billion.
North Korea-linked Lazarus Group is believed to account for roughly 76% of all crypto hack losses through April 2026, according to a recent report from TRM Labs. Cross-chain systems like Transit Finance remain high-value targets due to their interconnected design and expanded exposure across multiple networks.
Transit Finance has faced similar issues in the past, including a major October 2022 exploit in which roughly $28.9 million was stolen. The attack exploited improper input validation in its swap mechanism, allowing unauthorized transfers from users who had granted approvals. A portion of the funds were recovered.
Disclosure: This article was edited by Vivian Nguyen. For more information on how we create and review content, see our Editorial Policy.
English (US) ·