Image credit: Shutterstock
TrustedVolumes was hit by an Ethereum exploit that drained about $6.7 million from its resolver infrastructure, while 1inch said its own protocol, infrastructure and user funds were not affected.
Early security reports had first put the loss at about $5.87 million. Later reports said TrustedVolumes confirmed roughly $6.7 million in stolen assets across several Ethereum addresses.
$5.87M Early Estimate Rises to $6.7M Confirmed Loss
Blockchain security firm Blockaid said the attack targeted a TrustedVolumes resolver contract on Ethereum.
Early reports said the attacker withdrew about $5.87 million, including 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC. CertiK said the attacker used a public function to register as an allowed order signer before executing orders that moved approved funds from the victim address.
TrustedVolumes Custom RFQ Proxy Was Targeted
The exploit affected a custom RFQ swap proxy controlled by TrustedVolumes, not standard user swaps or the core 1inch protocol. Reports said the attacker exploited a flaw in TrustedVolumes’ custom infrastructure and drained funds from pre-authorized assets.
The confirmed risk sits with TrustedVolumes-controlled contracts. The incident highlights the danger of custom routing infrastructure and standing token approvals, which can allow compromised contracts to move pre-authorized funds.
1inch Says Protocol and User Funds Were not Affected
1inch pushed back after some reports described TrustedVolumes as a 1inch-linked market maker or liquidity provider.
The aggregator said TrustedVolumes operates independently and works with multiple protocols across the industry. 1inch said neither its protocol nor its infrastructure was involved, and that user funds were not affected.
TrustedVolumes provides liquidity across several DeFi venues. Its website describes the company as a liquidity provider for wallets and protocols including 0x, 1inch and Uniswap, as well as centralized exchanges.
March 2025 Fusion Link Remains Under Review
Blockaid said the attacker appears to be the same operator behind the March 2025 1inch Fusion V1 incident, though the latest exploit used a different vulnerability.
The earlier case also involved third-party resolver infrastructure. The TrustedVolumes exploit appears to have targeted a custom RFQ proxy instead. For users, the immediate distinction is important. 1inch says its systems were not breached, while the loss was tied to TrustedVolumes’ own infrastructure and token approvals.
