DeFi Platform TrustedVolumes Hit by $6.7M Exploit

Decrypt

TrustedVolumes, a liquidity provider used by multiple DeFi protocols, was hit by an exploit that has so far drained around $6.7 million in funds.


Blockchain analytics firm Blockaid's exploit detection system identified the victim contract as TrustedVolumes' resolver on Ethereum, with the attacker extracting approximately 1,291 WETH, 206,282 USDT, 16.93 WBTC, and 1.26 million USDC.



The firm flagged the exploiter as the same operator behind the March 2025 1inch Fusion V1 incident, leveraging a different vulnerability, this time in a TrustedVolumes-controlled custom RFQ swap proxy.


An RFQ, or request-for-quote, swap proxy is a contract that handles price quotes and token swaps between a market maker and traders.


TrustedVolumes confirmed the breach, publishing three wallet addresses holding the stolen funds, approximately $3 million, $3 million, and $700,000, and said it was "open to constructive communication regarding a bug bounty and a mutually acceptable resolution."



Hakan Unal, senior security operations lead at crypto security firm Cyvers, told Decrypt the root cause was a combination of “permissionless signer registration, broken replay protection, and an unvalidated transfer source field.”


The flaws let the attacker act as a trusted signer and drain victims without valid authorization, with funds routed through high-risk no-KYC exchange ChangeNow before being swapped to ETH, he added.


“The damage could have been far greater,” Unal said. “With replay protection nonfunctional, the attacker could have potentially drained additional approved accounts repeatedly.”
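The three flaw classes named above correspond to three checks in an RFQ fill path. The following is an added illustrative model, not TrustedVolumes' contract or code from the article: `RfqProxy`, `Order`, `sign` and all account names are hypothetical, and an HMAC stands in for on-chain signature verification.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Order:
    source: str   # account the tokens are pulled from
    taker: str    # account that receives the tokens
    amount: int
    nonce: int
    signer: str   # id of the key that authorised this quote

def sign(key: bytes, o: Order) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the real signature scheme.
    msg = f"{o.source}|{o.taker}|{o.amount}|{o.nonce}|{o.signer}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class RfqProxy:
    def __init__(self, admin: str, balances: dict):
        self.admin = admin
        self.balances = dict(balances)
        self.signers = {}   # signer id -> (account it may spend from, key)
        self.used = set()   # (source, nonce) pairs already filled

    def register_signer(self, caller, signer, account, key):
        # Check 1: signer registration is permissioned.
        if caller != self.admin:
            raise PermissionError("only admin may register signers")
        self.signers[signer] = (account, key)

    def fill(self, o: Order, sig: bytes) -> None:
        if o.signer not in self.signers:
            raise ValueError("unknown signer")
        account, key = self.signers[o.signer]
        if not hmac.compare_digest(sig, sign(key, o)):
            raise ValueError("bad signature")
        # Check 2: the transfer source must be the account this signer is bound to.
        if o.source != account:
            raise ValueError("signer not authorised for source")
        # Check 3: each (source, nonce) is consumed once, before funds move.
        if (o.source, o.nonce) in self.used:
            raise ValueError("nonce already used")
        if not 0 < o.amount <= self.balances.get(o.source, 0):
            raise ValueError("bad amount")
        self.used.add((o.source, o.nonce))
        self.balances[o.source] -= o.amount
        self.balances[o.taker] = self.balances.get(o.taker, 0) + o.amount
```

Each check fails closed on its own: a validly signed order is still rejected if it names a source other than the signer's bound account, or if its nonce has already been consumed.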


Decrypt has reached out to TrustedVolumes for comment.


1inch distances itself


DeFi aggregator 1inch pushed back after reports linked the platform directly to the breach and framed it as an attack on the protocol itself.


“We can confirm that neither 1inch nor any of the 1inch protocols are involved,” 1inch tweeted. “There is no impact on 1inch systems, infrastructure or user funds.”



“From a vetting and monitoring perspective, we are working alongside our security partners to understand the specifics of how this exploit occurred, and we will be incorporating any relevant findings into our ongoing security and integration processes,” a 1inch spokesperson told Decrypt.


If a provider is “unavailable or compromised, others continue to serve users without disruption,” with this “built-in redundancy” a core design principle that “functioned exactly as intended in this case,” the spokesperson added.


“While it is true that 1inch uses TrustedVolumes as a resolver, we are one of many. The framing of this story is ultimately confusing and harmful,” 1inch co-founder Sergej Kunz tweeted.





Attacks on DeFi


“What’s striking about the TrustedVolumes incident is that the same attacker struck twice, months apart, against different contracts,” Nick Harris, founder and CEO of crypto asset recovery platform CryptoCare, told Decrypt, describing the perpetrator as a “patient, targeted operator” rather than an opportunistic hacker. He warned that surviving an exploit doesn’t necessarily close the risk but may instead “open a new one.”


The TrustedVolumes exploit follows a brutal stretch for DeFi, with North Korean hackers draining $285 million from Drift Protocol and Kelp DAO losing $293 million in an attack it blamed on compromised LayerZero infrastructure.


The Kelp hack has since spilled into a U.S. federal court, where Aave is fighting to unblock $71 million in frozen user funds on Arbitrum.

