Back

Transit Finance Suffers $1.88M Hack, Promises User Refunds

Severity: High (Score: 64.5)

Sources: Mexc, Cryptopolitan

Summary

Transit Finance experienced a hack that resulted in the theft of approximately $1.88 million from a deprecated smart contract. PeckShield identified the breach and traced the stolen funds to a specific Ethereum address. The attack exploited vulnerabilities in an early-version smart contract on the TRON network, which had been deprecated since 2022. Transit Finance has committed to refunding affected users and has set a 48-hour window for the attacker to respond regarding the return of the stolen assets. The protocol has stated that its current smart contract version remains secure and unaffected. This incident is part of a broader trend of DeFi attacks, with significant losses reported in recent weeks. In April alone, the DeFi sector lost over $609 million to cyberattacks, raising concerns about the security of cross-chain protocols. The total losses in 2026 are projected to reach $2.3 billion due to ongoing vulnerabilities. Key Points: • Transit Finance lost $1.88 million due to a hack exploiting a deprecated smart contract. • PeckShield identified the stolen funds in a specific Ethereum address linked to the attack. • The incident is part of a larger trend of DeFi security breaches, with 2026 losses nearing $2.3 billion.

Key Entities

  • Lazarus Group (apt_group)
  • Data Breach (attack_type)
  • Aurellion Labs (company)
  • Drift Protocol (company)
  • Kelp DAO (company)
  • KelpDAO (company)
  • Transit Finance (company)
  • CWE-20 - Improper Input Validation (cwe)
  • cryptopolitan.com (domain)
  • LayerZero (platform)
  • Solana (platform)
  • TRON (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed