Skip to main content
Sign in
Transit Swap1 decision on this page

Audit log

Every state-changing event for Transit Swap: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-20 18:36:38Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-beta
    sig
    3bhyV8szwL7D…iNEXJk86explorer ↗
    hash
    9QtcPYfzmWEM…jXmJqquUsha256 → base58
    verifying row…full verify ↗
    canonical bytes (5364 B) ▸
    {"actor":"system:backfill","investigation_id":"e7ebdd6a-6863-4d90-8037-ecdd1c0853ca","kind":"publish","page_slug":"transit-swap","published_at":"2026-05-20T18:36:38.887Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Transit Swap","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://docs.transit.finance/"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-transit-swap-hack-october-2022"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/@TransitSwap/multi-chain-dex-aggregator-transit-swap-6f6c62ea3335"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-transit-swap-hack-october-2022"},{"credibility":3,"name":"","type":"other","url":"https://slowmist.medium.com/cross-chain-dex-aggregator-transit-swap-hacked-analysis-74ba39c22020"},{"credibility":3,"name":"","type":"other","url":"https://www.numencyber.com/transit-swap-hack-analysis/"},{"credibility":3,"name":"","type":"other","url":"https://beincrypto.com/hacker-exploits-21m-vulnerability-in-transit-swap/"},{"credibility":3,"name":"","type":"other","url":"https://blog.solidityscan.com/transit-swap-hack-analysis-13c1e04e7de0/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://slowmist.medium.com/cross-chain-dex-aggregator-transit-swap-hacked-analysis-74ba39c22020"},{"credibility":3,"name":"","type":"other","url":"https://www.numencyber.com/transit-swap-hack-analysis/"},{"credibility":3,"name":"","type":"other","url":"https://cryptoslate.com/transit-swap-hacker-returns-16-5m-of-stolen-funds/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://cryptoslate.com/transit-swap-hacker-returns-16-5m-of-stolen-funds/"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/transit-swap-hacker-returns-70-of-23m-in-stolen-funds"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/business/2022/10/03/transit-swap-exploiter-returns-large-chunk-of-289m-hack"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/174307/hacker-returns-70-of-21-million-taken-from-transit-swap-dex"},{"credibility":3,"name":"","type":"other","url":"https://247wallst.com/investing/2022/10/06/transit-swap-hacker-offers-to-return-90-of-funds-if-users-refunded/"},{"credibility":3,"name":"","type":"other","url":"https://forkast.news/hacker-return-funds-us23-mln-transit-swap/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-transit-swap-hack-october-2022"},{"credibility":3,"name":"","type":"other","url":"https://docs.transit.finance/announcement/announcement/relaunch"},{"credibility":3,"name":"","type":"other","url":"https://www.vidma.io/blog/transit-swap-hack-a-21m-lesson-in-smart-contract-vulnerabilities"},{"credibility":3,"name":"","type":"other","url":"https://neptunemutual.com/blog/decoding-transit-finances-contract-vulnerability/"}]}],"sources_used":[],"summary":"Transit Swap is a cross-chain DEX aggregator incubated by TokenPocket, supporting swaps across Ethereum, BNB Chain, Polygon, Tron, Solana, and other networks. On October 1–2, 2022, an attacker exploited an input validation vulnerability in the platform's swap contract, draining approximately $21–28.9 million in user funds across Ethereum and BNB Chain. The attacker subsequently returned roughly 70% of stolen assets after security firms identified the exploiter's IP address and email, though an estimated 30% of funds — including amounts routed through Tornado Cash — remain unrecovered.","timeline":[{"date":"2022-10-01","event":"Attacker exploits input validation vulnerability in Transit Swap's swap contract across Ethereum and BNB Chain, draining approximately $21–28.9 million in user funds.","source":""},{"date":"2022-10-02","event":"SlowMist, Numen Cyber Labs, PeckShield, and Bitrace publish on-chain analysis identifying the attacker's address (0x75F2abA6a44580D7be2C4e42885D4a1917bFFD46), IP address, and email. Transit Finance issues a public apology.","source":""},{"date":"2022-10-02","event":"Attacker routes approximately 2,500 BNB through Tornado Cash and attempts a withdrawal via LATOKEN exchange.","source":""},{"date":"2022-10-03","event":"Attacker returns approximately 70% of stolen funds (roughly $16.2–18.9 million) to two addresses on Ethereum and BNB Chain, following communications with security firms and Transit Finance.","source":""},{"date":"2022-10-06","event":"Negotiations continue: attacker communicates on-chain willingness to return an additional portion of funds if Transit Finance guarantees 100% repayment to all affected users; Transit Finance had offered a 5% bounty, attacker countered at 10%.","source":""},{"date":"2022-10-21","event":"Transit Swap officially relaunches with a new open-source contract audited by SlowMist, a whitelist mechanism for external calls, a $1,000,000 bug bounty program, and a Transit Security Fund allocating 10% of monthly revenue to security.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 2de596ca-ecc7-41a7-909c-f2a603f43358
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.