Skip to main content
Sign in

Transit Swap

avoid.net/transit-swap18/100·82% conf.
[AI-DRAFTED · AWAITING VERIFICATION][src:defillama]
anchored·3bhyV8…Jk86

Summary

Transit Swap is a cross-chain DEX aggregator incubated by TokenPocket, supporting swaps across Ethereum, BNB Chain, Polygon, Tron, Solana, and other networks. On October 1–2, 2022, an attacker exploited an input validation vulnerability in the platform's swap contract, draining approximately $21–28.9 million in user funds across Ethereum and BNB Chain. The attacker subsequently returned roughly 70% of stolen assets after security firms identified the exploiter's IP address and email, though an estimated 30% of funds — including amounts routed through Tornado Cash — remain unrecovered.

Connected Entities

1 entities
Protocols
Transit Swap
Relationships
    Have evidence about Transit Swap?

    Timeline(6 events)

    2022-10-01

    Attacker exploits input validation vulnerability in Transit Swap's swap contract across Ethereum and BNB Chain, draining approximately $21–28.9 million in user funds.

    2022-10-02

    SlowMist, Numen Cyber Labs, PeckShield, and Bitrace publish on-chain analysis identifying the attacker's address (0x75F2abA6a44580D7be2C4e42885D4a1917bFFD46), IP address, and email. Transit Finance issues a public apology.

    2022-10-02

    Attacker routes approximately 2,500 BNB through Tornado Cash and attempts a withdrawal via LATOKEN exchange.

    2022-10-03

    Attacker returns approximately 70% of stolen funds (roughly $16.2–18.9 million) to two addresses on Ethereum and BNB Chain, following communications with security firms and Transit Finance.

    2022-10-06

    Negotiations continue: attacker communicates on-chain willingness to return an additional portion of funds if Transit Finance guarantees 100% repayment to all affected users; Transit Finance had offered a 5% bounty, attacker countered at 10%.

    2022-10-21

    Transit Swap officially relaunches with a new open-source contract audited by SlowMist, a whitelist mechanism for external calls, a $1,000,000 bug bounty program, and a Transit Security Fund allocating 10% of monthly revenue to security.

    Provenance & Audit Trail
    Anchored on SolanaVerify on-chainsrc:defillama

    Decision Log

    This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

    full audit log →version history →

    model: claude-sonnet-4-6

    generated: 5/4/2026, 2:54:47 AM

    last updated: 5/20/2026, 6:36:38 PM

    avoid.net — verified advice for a post-truth world