Transit Finance was hit with a fresh exploit, losing just under $1.9 million as attackers routed funds from Tron over to Ethereum. The path the funds took is key: this wasn’t an exploit that broke Ethereum itself, but rather one that leveraged cross-chain infrastructure, moving assets from Tron and then consolidating them in a single Ethereum wallet. Right now, the attacker is holding about $1.87 million in DAI on Ethereum, and that’s where investigators, analytics firms, and issuers have focused their attention.
Ethereum figures in the story not because its core network was compromised, but because it is where the suspected attacker wallet now sits. That gives watchers a single public destination to monitor. In cases like this, on-chain tracing tends to focus on the wallet where assets are aggregated, because that is where laundering, freezing requests, or recovery attempts can become visible. That also makes this different from the recent Aave and Kelp recovery case, which centered on court-approved movement of funds that had already been frozen.
Cross-chain exploits like this highlight that the chain that ends up in the headline isn’t always the one where the exploit started, but the one where the money lands. Whether Ethereum’s visibility as a settlement layer helps with recovery, or simply marks one more pit stop for attackers, is the open question as wallets and exchanges keep watch.