Verify a decision

{"actor":"system:backfill","investigation_id":"e7ebdd6a-6863-4d90-8037-ecdd1c0853ca","kind":"publish","page_slug":"transit-swap","published_at":"2026-05-20T18:36:38.887Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Transit Swap","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://docs.transit.finance/"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-transit-swap-hack-october-2022"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/@TransitSwap/multi-chain-dex-aggregator-transit-swap-6f6c62ea3335"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-transit-swap-hack-october-2022"},{"credibility":3,"name":"","type":"other","url":"https://slowmist.medium.com/cross-chain-dex-aggregator-transit-swap-hacked-analysis-74ba39c22020"},{"credibility":3,"name":"","type":"other","url":"https://www.numencyber.com/transit-swap-hack-analysis/"},{"credibility":3,"name":"","type":"other","url":"https://beincrypto.com/hacker-exploits-21m-vulnerability-in-transit-swap/"},{"credibility":3,"name":"","type":"other","url":"https://blog.solidityscan.com/transit-swap-hack-analysis-13c1e04e7de0/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://slowmist.medium.com/cross-chain-dex-aggregator-transit-swap-hacked-analysis-74ba39c22020"},{"credibility":3,"name":"","type":"other","url":"https://www.numencyber.com/transit-swap-hack-analysis/"},{"credibility":3,"name":"","type":"other","url":"https://cryptoslate.com/transit-swap-hacker-returns-16-5m-of-stolen-funds/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://cryptoslate.com/transit-swap-hacker-returns-16-5m-of-stolen-funds/"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/transit-swap-hacker-returns-70-of-23m-in-stolen-funds"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/business/2022/10/03/transit-swap-exploiter-returns-large-chunk-of-289m-hack"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/174307/hacker-returns-70-of-21-million-taken-from-transit-swap-dex"},{"credibility":3,"name":"","type":"other","url":"https://247wallst.com/investing/2022/10/06/transit-swap-hacker-offers-to-return-90-of-funds-if-users-refunded/"},{"credibility":3,"name":"","type":"other","url":"https://forkast.news/hacker-return-funds-us23-mln-transit-swap/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-transit-swap-hack-october-2022"},{"credibility":3,"name":"","type":"other","url":"https://docs.transit.finance/announcement/announcement/relaunch"},{"credibility":3,"name":"","type":"other","url":"https://www.vidma.io/blog/transit-swap-hack-a-21m-lesson-in-smart-contract-vulnerabilities"},{"credibility":3,"name":"","type":"other","url":"https://neptunemutual.com/blog/decoding-transit-finances-contract-vulnerability/"}]}],"sources_used":[],"summary":"Transit Swap is a cross-chain DEX aggregator incubated by TokenPocket, supporting swaps across Ethereum, BNB Chain, Polygon, Tron, Solana, and other networks. On October 1–2, 2022, an attacker exploited an input validation vulnerability in the platform's swap contract, draining approximately $21–28.9 million in user funds across Ethereum and BNB Chain. The attacker subsequently returned roughly 70% of stolen assets after security firms identified the exploiter's IP address and email, though an estimated 30% of funds — including amounts routed through Tornado Cash — remain unrecovered.","timeline":[{"date":"2022-10-01","event":"Attacker exploits input validation vulnerability in Transit Swap's swap contract across Ethereum and BNB Chain, draining approximately $21–28.9 million in user funds.","source":""},{"date":"2022-10-02","event":"SlowMist, Numen Cyber Labs, PeckShield, and Bitrace publish on-chain analysis identifying the attacker's address (0x75F2abA6a44580D7be2C4e42885D4a1917bFFD46), IP address, and email. Transit Finance issues a public apology.","source":""},{"date":"2022-10-02","event":"Attacker routes approximately 2,500 BNB through Tornado Cash and attempts a withdrawal via LATOKEN exchange.","source":""},{"date":"2022-10-03","event":"Attacker returns approximately 70% of stolen funds (roughly $16.2–18.9 million) to two addresses on Ethereum and BNB Chain, following communications with security firms and Transit Finance.","source":""},{"date":"2022-10-06","event":"Negotiations continue: attacker communicates on-chain willingness to return an additional portion of funds if Transit Finance guarantees 100% repayment to all affected users; Transit Finance had offered a 5% bounty, attacker countered at 10%.","source":""},{"date":"2022-10-21","event":"Transit Swap officially relaunches with a new open-source contract audited by SlowMist, a whitelist mechanism for external calls, a $1,000,000 bug bounty program, and a Transit Security Fund allocating 10% of monthly revenue to security.","source":""}]},"v":1}