Latest exploit marks another setback for decentralized finance infrastructure, notably cross-chain systems that have remained a prime target for hackers.
- Transit Finance lost about $1.88 million in a fresh exploit flagged by blockchain security firm PeckShield.
- The attack adds to mounting pressure on DeFi protocols and cross-chain aggregators after more than $1 billion in crypto hacks this year.
- No recovery roadmap or technical post-mortem has been released by Transit Finance as of publication.
Transit Finance, a decentralized cross-chain aggregation protocol, suffered an exploit that drained roughly $1.88 million from the platform on May 13, according to blockchain security monitor PeckShield.
The breach was first reported by ChainCatcher, citing PeckShield monitoring data. Transit Finance had not issued a detailed public explanation or recovery plan at the time of publication.
The exploit marks another setback for decentralized finance infrastructure, particularly cross-chain systems that have remained a prime target for attackers exploiting smart contract vulnerabilities, bridge architecture flaws and wallet permission weaknesses.
DeFi security fears intensify
The latest attack arrives amid a broader surge in crypto-related security incidents. According to a previous crypto.news story, PeckShield estimated that hackers stole more than $1.63 billion during the first quarter of 2025 alone, driven largely by the record-breaking Bybit exploit.
In March 2026, PeckShield reported 20 major crypto security incidents totaling approximately $52 million in losses, a 96% increase from February’s $26.5 million, according to ChainCatcher. The firm warned of a growing “shadow contagion” effect in which one exploit triggers cascading bad debt across multiple DeFi protocols.
Cross-chain infrastructure has become especially vulnerable because attackers can rapidly move assets across networks and laundering services. Earlier this year, hackers infiltrated a multisignature wallet and stole $27.3 million in digital assets, later funneling 6,300 ETH worth roughly $19.4 million through Tornado Cash, according to KuCoin.
The Transit Finance incident also follows several major bridge and liquidity exploits reported in recent weeks. In April, Kelp DAO’s LayerZero-powered bridge lost approximately $292 million after an attacker forged a malicious cross-chain message, according to CryptoTimes.
Industry scrutiny grows after repeated exploits
Security researchers and protocol developers are increasingly warning that interoperability systems remain one of the weakest points in decentralized finance. Data compiled by TheChainPost showed hackers stole approximately $1.08 billion across at least 68 crypto incidents in 2026 through late April.
PeckShield said in a previous report that attackers have increasingly relied on mixers such as Tornado Cash and cross-chain routing protocols like THORChain to obscure stolen funds. In a separate exploit disclosed this week, the TrustedVolumes attacker moved approximately $278,000 in stolen assets through Tornado Cash and THORChain, according to Daily Hodl.
Transit Finance has not publicly confirmed whether user funds can be recovered or whether affected smart contracts have been paused.
