Decentralized finance (DeFi) liquidity provider TrustedVolumes has confirmed it fell victim to a major exploit, resulting in the theft of approximately $6.7 million in digital assets. The breach was first detected by blockchain security firm Blockaid, which identified the attacker executing unauthorized transactions through TrustedVolumes' custom RFQ swap proxy on Ethereum. Stolen funds include 1,291 WETH, 206,282 USDT, 16.93 WBTC, and 1.26 million USDC, currently distributed across three wallet addresses holding roughly $3 million, $3 million, and $700,000.
Cyvers senior security operations lead Hakan Unal attributed the root cause to permissionless signer registration, broken replay protection, and an unvalidated transfer source field, which together allowed the attacker to impersonate a trusted signer and drain victims without valid authorization. He warned that "the damage could have been far greater" due to nonfunctional replay protection, potentially enabling repeated draining of approved accounts. The exploiter was identified as the same entity behind the March 2025 1inch Fusion V1 incident, indicating a persistent, targeted threat actor.
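
The three controls named in that root-cause analysis can be modelled off-chain. The following Python sketch is an added example, not TrustedVolumes' contract code and not taken from Cyvers' or Blockaid's analysis. The `RfqProxy` class, its field names, and the rule that the transfer source must equal the signer are assumptions made for illustration, and HMAC-SHA256 stands in for the on-chain signature check.

```python
import hashlib
import hmac


def sign(key, order):
    # HMAC-SHA256 stands in for the order signature a real contract verifies.
    fields = ("signer", "source", "recipient", "amount", "nonce")
    msg = "|".join(str(order[f]) for f in fields)
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


class RfqProxy:
    """Hypothetical settlement proxy with all three controls enforced."""

    def __init__(self, admin):
        self.admin = admin
        self.signer_keys = {}  # registered signer -> verification key
        self.used = set()      # (signer, nonce) pairs already settled
        self.balances = {}     # account -> balance approved to the proxy

    def register_signer(self, caller, signer, key):
        # Control 1: signer registration is permissioned.
        if caller != self.admin:
            raise PermissionError("signer registration is restricted")
        self.signer_keys[signer] = key

    def settle(self, order, signature):
        key = self.signer_keys.get(order["signer"])
        if key is None or not hmac.compare_digest(sign(key, order), signature):
            raise PermissionError("order not authorised by a registered signer")
        # Control 2: funds may only leave the account that signed the order.
        if order["source"] != order["signer"]:
            raise ValueError("transfer source is not the signer")
        # Control 3: each (signer, nonce) pair settles at most once.
        slot = (order["signer"], order["nonce"])
        if slot in self.used:
            raise ValueError("order already settled")
        if self.balances.get(order["source"], 0) < order["amount"]:
            raise ValueError("insufficient balance")
        self.used.add(slot)
        self.balances[order["source"]] -= order["amount"]
        recipient = order["recipient"]
        self.balances[recipient] = self.balances.get(recipient, 0) + order["amount"]
```

Removing any one check reopens a path: without the first, anyone becomes a signer; without the second, a signer can name another approved account as the source; without the third, one signed order settles repeatedly.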
TrustedVolumes stated it is open to "constructive negotiations" with the attacker regarding a bug bounty and a mutually acceptable resolution. In response to social media speculation linking the hack to the 1inch protocol, 1inch issued a firm denial: "We can confirm that neither 1inch nor any of the 1inch protocols are involved. There is no impact on 1inch systems, infrastructure or user funds." Co-founder Sergej Kunz emphasized that while TrustedVolumes is one of many liquidity resolvers used by the aggregator, the platform's redundancy design ensures uninterrupted service for users.