Transit Finance Loses $1.8M in Cross-Chain DAI Heist

Blockchain security firm PeckShield flagged on Wednesday that Transit Finance was exploited for roughly $1.8 million in DAI stablecoins. PeckShield traced the transfers to a single Ethereum address, which held most of the funds at the time of the alert. The firm did not disclose the specific vulnerability used in the incident.

Transit Finance operates as a cross-chain swap aggregator, routing trades across more than a dozen blockchain networks. That design can involve multiple protocols and smart contracts in a single transaction, increasing the number of components an attacker can target.

The platform previously suffered a major breach in October 2022 when attackers exploited improper input validation in its swap mechanism to move about $28.9 million from users who had granted approvals. Some of the funds from that incident were recovered.

The reported loss at Transit comes after more than $600 million in decentralized finance protocol thefts in April. Two large incidents accounted for most of that total: Kelp DAO lost $293 million on April 19 and Drift Protocol reported a $280 million loss on April 1. Security analysts now project full-year 2026 DeFi hacking losses could reach about $2.3 billion. A TRM Labs analysis estimated that the North Korea-linked Lazarus Group is responsible for roughly 76% of known crypto hack losses through April 2026.

At the time of PeckShield’s alert, Transit Finance had not issued a detailed public response and the identified Ethereum address had not been linked to any public exchange statements. Investigations of similar incidents typically trace token flows, seek recoveries through exchanges and custodians, and involve blockchain analytics firms and law enforcement.