Loading prices…
Zipp Zipp Advertise
Sign up Sign in
🩸BEARISH TheBlock

inch Liquidity Provider TrustedVolumes Loses $6.7M in Exploit

The same attacker hit 1inch Fusion V1 in March and is back via a different vulnerability in TrustedVolumes' resolver — part of a $635M April hack month now bleeding straight into May.

TrustedVolumes, a market maker and liquidity provider for 1inch, is bleeding funds in an active exploit that has drained roughly $6.7 million, the firm confirmed Thursday. Blockchain security firm Blockaid first flagged the attack on Wednesday, initially pegging losses at $5.87 million across 1,291.16 WETH, 206,282 USDT, 16.939 WBTC and 1,268,771 USDC lifted from TrustedVolumes' resolver contract on Ethereum. TrustedVolumes said it is weighing a bug bounty to bring the incident to a close.

Why it matters

Blockaid linked the attacker to the March 2025 exploit of 1inch Fusion V1, which drained around $5 million — but said this time the entry point is different. The current hit targets a TrustedVolumes-controlled custom RFQ swap proxy, not 1inch core code. 1inch stressed the same point publicly, noting TrustedVolumes operates independently and is used by multiple protocols, with no impact on 1inch's systems, infrastructure, or user funds.

That distinction matters for contagion reads: the aggregator is clean, but a repeat offender has now found two separate holes in the 1inch liquidity stack in eight weeks. TrustedVolumes is a named counterparty for a top DEX aggregator, and resolvers sit on the routing path users see as 1inch fills.

Market impact

The exploit lands inside an already brutal stretch for DeFi. DefiLlama data shows $635.2 million stolen across hacks and exploits in April — the largest monthly haul since the nearly $1.5 billion Bybit heist in February. The TrustedVolumes hit is the fifth major exploit since the start of May, following the $285 million social engineering attack on Drift and the $293 million Kelp DAO exploit. With a known attacker reusing tradecraft across successive targets and no public arrest or recovery, the near-term read is that resolver-level infrastructure outside the named protocols is the soft underbelly the industry has not yet hardened.

Related tokens
$ETH $BTC $USDT $USDC
#1inch#exploit#liquidity provider#DeFi

Frequently asked questions

  1. How much was drained in the TrustedVolumes exploit?

    Blockaid initially flagged losses of $5.87 million, broken down as 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC. TrustedVolumes later updated the figure to around $6.7 million.

  2. Is 1inch itself affected by the TrustedVolumes exploit?

    No. 1inch said TrustedVolumes operates independently as a liquidity provider used by multiple protocols, and confirmed there is no impact on its systems, infrastructure, or user funds.

  3. Who is behind the TrustedVolumes attack?

    Blockchain security firm Blockaid linked the attacker to the same entity that exploited 1inch Fusion V1 in March 2025, which drained around $5 million. Blockaid said this attack uses a different vulnerability in a TrustedVolumes-controlled custom RFQ swap proxy.

  4. What is TrustedVolumes and what is its role on 1inch?

    TrustedVolumes is an independent market maker and liquidity provider that supplies liquidity for 1inch, and is also used by multiple other protocols across the industry. It is not exclusive to 1inch.

  5. How does this fit into the broader DeFi exploit trend?

    DefiLlama data shows $635.2 million stolen in DeFi hacks and exploits during April, the largest monthly total since the nearly $1.5 billion Bybit heist in February. The TrustedVolumes hit is the fifth major exploit since the start of May, following the $285 million Drift and $293 million Kelp DAO attacks.

Source attribution
Aggregated from TheBlock · Verified · Last refreshed 49d ago
Open original →

More from Security

Stories our editors think pair well with this one.

Older in Security

Catch up on earlier coverage from this beat.