The latest exploit represents another setback for decentralized financial infrastructure, particularly cross-chain systems that have remained a prime target for hackers.
summary
- Transit Finance lost about $1.88 million in a new exploit reported by blockchain security firm PeckShield.
- The attack adds to growing pressure on DeFi protocols and cross-chain pools following more than $1 billion in cryptocurrency hacks this year.
- Transit Finance has not issued any recovery roadmap or post-mortem technical report as of the date of publication.
Transit Finance, a decentralized cross-chain aggregation protocol, suffered an exploit that drained nearly $1.88 million from the platform on May 13, according to blockchain security watchdog Peak Shield.
The breach was first reported by ChainCatcherCiting PeckShield monitoring data. Transit Finance had not released a detailed public explanation or recovery plan at press time.
This exploit represents another setback for decentralized financial infrastructure, especially cross-chain systems that have remained a prime target for attackers exploiting smart contract vulnerabilities, bridge architecture flaws, and wallet permissions vulnerabilities.
Security concerns about DeFi are growing
The latest attack comes amid a widespread increase in security incidents related to cryptocurrencies. According to the previous crypto.news website storyPeckShield estimated that hackers stole more than $1.63 billion during the first quarter of 2025 alone, driven largely by the record-breaking Bybit exploit.
In March 2026, PeckShield reported 20 major cryptocurrency security incidents totaling approximately $52 million in losses, a 96% increase from February’s $26.5 million, according to ChainCatcher. The company warned of a growing “shadow contagion” effect where one exploit leads to a cascade of bad debts across multiple DeFi protocols.
Cross-chain infrastructure becomes particularly vulnerable because attackers can quickly move assets across networks and money laundering services. Earlier this year, hackers broke into a multi-signature wallet and stole $27.3 million in digital assets, later transferring 6,300 Ethereum worth approximately $19.4 million through Tornado Cash, according to Tornado Cash. Q Queen.
The Transit Finance incident also comes on the heels of several major bridge and liquidity exploits reported in recent weeks. In April, Kelp DAO’s LayerZero-powered bridge lost nearly $292 million after an attacker forged a malicious cross-chain message, according to CryptoTimes.
Scrutiny grows in the industry after repeated exploitation
Security researchers and protocol developers are increasingly warning that interoperability systems remain one of DeFi’s weakest points. Data collected by TheChainPost It showed that hackers stole nearly $1.08 billion across at least 68 cryptocurrency incidents in 2026 as of late April.
PeckShield said in a previous report that attackers are increasingly relying on mixers like Tornado Cash and cross-chain routing protocols like THORChain to hide stolen funds. In a separate vulnerability disclosed this week, a TrustedVolumes attacker transferred approximately $278,000 in stolen assets through Tornado Cash and THORChain, according to Daily Hoddle.
Transit Finance has not publicly confirmed whether users’ funds will be refunded or whether affected smart contracts have been temporarily suspended.
