
TrustedVolumes Exploit Drains $6.7M from DeFi Liquidity Provider

Severity: High (Score: 65.2)

Sources: Decrypt.Co, www.tradingview.com, www.halborn.com, Cryptopotato, coinpaper.com

Published: 2026-05-07 · Updated: 2026-05-13

Keywords: trustedvolumes, market, maker, million, exploit, security, liquidity

Summary

TrustedVolumes, a liquidity provider for DeFi protocols, suffered an exploit on May 7, 2026, leading to the theft of approximately $6.7 million in crypto assets. The attacker exploited a vulnerability in a custom request-for-quote (RFQ) swap proxy, allowing them to register as an approved order signer and drain funds. The stolen assets included 1,291 WETH, 206,282 USDT, 16.93 WBTC, and 1.26 million USDC, with the funds spread across three wallets. Blockchain security firms Blockaid and CertiK confirmed the attack and linked it to the same perpetrator behind the March 2025 1inch Fusion V1 exploit, although a different vulnerability was exploited this time. TrustedVolumes has expressed willingness to negotiate a bug bounty with the attacker. Despite the incident, 1inch clarified that its systems remain unaffected, emphasizing the independent operation of TrustedVolumes. The exploit is part of a troubling trend in DeFi, with multiple breaches reported in early May 2026.

Key Points:

  • TrustedVolumes lost approximately $6.7 million due to an exploit on May 7, 2026.
  • The attacker exploited a vulnerability in a custom RFQ swap proxy, allowing unauthorized fund drainage.
  • 1inch confirmed no impact on its systems, distancing itself from the exploit linked to TrustedVolumes.

Detailed Analysis

**Impact** TrustedVolumes, a liquidity provider and market maker used by multiple DeFi protocols including 1inch Fusion, suffered a loss of approximately $6.7 million in crypto assets. The stolen funds comprised 1,291 WETH, 206,282 USDT, 16.93 WBTC, and 1.26 million USDC, distributed across three Ethereum wallets. The breach affected the DeFi sector globally, with no direct impact on 1inch’s systems or user funds, but it contributed to a series of major DeFi exploits totaling over $8 million in early May 2026.

**Technical Details** The attacker exploited a vulnerability in a TrustedVolumes-controlled custom Request-for-Quote (RFQ) swap proxy on Ethereum, leveraging a publicly accessible function to register as an approved order signer without authorization. This allowed execution of malicious transactions draining funds through the compromised resolver contract (0x9bA0CF1588E1DFA905eC948F7FE5104dD40EDa31). The attacker is linked to the March 2025 1inch Fusion V1 exploit but used a different vulnerability. Funds were routed through no-KYC exchange ChangeNow and internally swapped to ETH. No CVE identifiers were provided.

**Recommended Response** Defenders should immediately audit and restrict access to signer registration functions within RFQ swap proxies and related smart contracts. Deploy monitoring for unauthorized signer registrations and anomalous transaction patterns on resolver contracts. Implement replay protection and validate transfer source fields rigorously. Maintain redundancy in DeFi infrastructure to mitigate single points of failure and monitor high-risk no-KYC exchanges for suspicious fund flows.
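The monitoring recommended above for unauthorized signer registrations, sketched as an added example that is not part of the original page or of any TrustedVolumes or 1inch code. It assumes calls to the proxy have already been decoded into records; the function names `registerSigner` and `fillOrder`, the admin allowlist and every address and transaction in it are hypothetical and constructed for illustration.

```python
# Constructed example: addresses, function names and call records are
# hypothetical, not taken from the TrustedVolumes contracts.
from collections import defaultdict

PROXY = "0x" + "11" * 20      # placeholder for the monitored RFQ proxy
ADMINS = {"0x" + "aa" * 20}   # assumed accounts permitted to add signers
ROGUE = "0x" + "ee" * 20      # constructed self-registering account
OK_SIGNER = "0x" + "b1" * 20  # constructed signer added by an admin

# Constructed, already-decoded calls to the proxy.
CALLS = [
    {"block": 100, "tx": "tx01", "sender": "0x" + "AA" * 20, "to": PROXY,
     "fn": "registerSigner", "args": {"signer": OK_SIGNER}},
    {"block": 101, "tx": "tx02", "sender": "0x" + "c0" * 20, "to": PROXY,
     "fn": "fillOrder", "args": {"signer": OK_SIGNER, "token": "WETH", "amount": 5}},
    {"block": 102, "tx": "tx03", "sender": ROGUE, "to": PROXY,
     "fn": "registerSigner", "args": {"signer": ROGUE}},
    {"block": 103, "tx": "tx04", "sender": ROGUE, "to": PROXY,
     "fn": "fillOrder", "args": {"signer": ROGUE, "token": "WETH", "amount": 40}},
    {"block": 103, "tx": "tx05", "sender": ROGUE, "to": PROXY,
     "fn": "fillOrder", "args": {"signer": ROGUE, "token": "USDC", "amount": 900}},
]


def scan(calls, proxy=PROXY, admins=ADMINS):
    """Return (alerts, outflow); outflow maps flagged signer -> token -> amount."""
    admins = {a.lower() for a in admins}
    flagged = set()
    alerts = []
    outflow = defaultdict(lambda: defaultdict(int))
    for c in sorted(calls, key=lambda c: c["block"]):
        if c["to"].lower() != proxy.lower():
            continue
        signer = c["args"].get("signer", "").lower()
        if c["fn"] == "registerSigner" and c["sender"].lower() not in admins:
            # Registration by an account outside the allowlist.
            flagged.add(signer)
            alerts.append(("UNAUTHORIZED_SIGNER_REGISTRATION", c["tx"], signer))
        elif c["fn"] == "fillOrder" and signer in flagged:
            # Value leaving through an order signed by a flagged signer.
            outflow[signer][c["args"]["token"]] += c["args"]["amount"]
            alerts.append(("FILL_BY_FLAGGED_SIGNER", c["tx"], signer))
    return alerts, {s: dict(t) for s, t in outflow.items()}


if __name__ == "__main__":
    for alert in scan(CALLS)[0]:
        print(alert)
```

The registration alert fires before any fill is seen, which is the point at which a pause or signer revocation still prevents loss; the per-signer outflow total is what an incident responder would reconcile against on-chain balances afterwards.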

Source articles (17)

  • 1inch liquidity provider TrustedVolumes hit with ongoing exploit, draining nearly $6 million: Blockaid — Theblock.Co · 2026-05-07
    TrustedVolumes, a liquidity provider and market maker for decentralized exchange aggregator 1inch, is suffering an ongoing attack that has drained around $5.87 million, blockchain security firm Blocka…
  • DeFi Platform TrustedVolumes Hit by $6.7M Exploit — Decrypt.Co · 2026-05-07
    TrustedVolumes, a liquidity provider used by multiple DeFi protocols, was hit by an exploit that has so far drained around $6.7 million in funds. Blockchain analytics firm Blockaid's exploit detection…
  • 1inch Distances Itself From $6.7M TrustedVolumes Exploit — Cryptorank · 2026-05-07
    - TrustedVolumes exploit drained ~ $6.7M in crypto (WETH, USDT, WBTC, USDC); stolen funds split across three Ethereum wallets (~$3M, ~$3M, ~$700k). - Attacker abused a publicly accessible function to…
  • DeFi attacker steals $6.7M from 1inch market maker — Mexc.Co · 2026-05-07
    1inch liquidity provider and market maker TrustedVolumes has fallen victim to an ongoing exploit on the Ethereum network. As of now, approximately $6.7 million has been drained in wrapped assets and s…
  • TrustedVolumes Market Maker Suffers $5.87 Million Exploit — Castlecrypto.Gg · 2026-05-07
    A critical third-party market maker has recently suffered a multi-million dollar security breach. According to data published by blockchain security firm Blockaid, an active exploit targets the Truste…
  • News Explorer — DeFi Liquidity Provider TrustedVolumes Loses $6.7M in Exploit — Decrypt.Co · 2026-05-07
    TrustedVolumes, a DeFi liquidity provider, suffered a $6.7 million exploit, with the attacker draining various cryptocurrencies. The breach was identified by Blockaid's exploit detection system, linki…
  • 1inch Resolver TrustedVolumes Drained for $6.7M on Ethereum - "The Defiant" — Thedefiant · 2026-05-07
    Liquidity provider TrustedVolumes, a market maker and resolver used by 1inch Fusion and other protocols, confirmed on Thursday that it had been drained for roughly $6.7 million in an exploit on the Et…
  • Fusion V1 bug — www.halborn.com · 2026-05-07
    1inch, a decentralized exchange aggregator, was the victim of a $5 million hack in March 2025. The attacker exploited a vulnerability affecting 1inch resolvers to steal the tokens before returning mos…
  • Read the article at Coinpaper — coinpaper.com · 2026-05-08
    Security firms Blockaid and CertiK said the attacker exploited a publicly accessible function to register as an approved order signer before draining funds through malicious transactions. The stolen a…
  • 1inch Fusion V1 incident — blog.1inch.com · 2026-05-08
    A vulnerability for resolver integrations detected in the implementation of obsolete 1inch Fusion V1 settlement smart contract prompted 1inch to swiftly redeploy it as a precaution to reinforce securi…
  • Hacker Drains $5.9M From Ethereum Liquidity Provider TrustedVolumes — Cryptopotato · 2026-05-09
    TrustedVolumes, a liquidity provider on the Ethereum blockchain, lost $5.9 million in funds to a hacker on Thursday. The attacker was able to exploit a vulnerability within the custom trading system u…
  • 1inch Resolver TrustedVolumes Drained for $6.7M in Ethereum Exploit — Mexc · 2026-05-11
    TrustedVolumes, a prominent market maker and resolver for 1inch Fusion, was exploited for $6.7 million on Thursday. The attacker abused a publicly accessible function to register as an authorized orde…
  • Explained: The TrustedVolumes Hack (May 2026) — Halborn · 2026-05-12
    In May 2026, TrustedVolumes, a DeFi liquidity provider and market maker associated with 1inch, was the victim of a hack. The attacker exploited a vulnerability in the protocol’s request-for-quote (RF…
  • 1inch Hack? TrustedVolumes Exploit Drains $6.7M in May 2026 — Memeburn · 2026-05-12
    The latest crypto hack is making headlines, and this time it has a familiar name attached. On May 7, 2026, security firm Blockaid flagged an active DeFi exploit draining funds from TrustedVolumes, a…
  • TrustedVolumes Hacker Moves Stolen Crypto Through Mixers: PrekShield Speculates — Analyticsinsight · 2026-05-13
    A hacker has begun laundering stolen crypto tied to the $6.7 million TrustedVolumes exploit, according to PeckShield. The cybersecurity firm said the attacker had already moved hundreds of thousands o…
  • Newsbtc:849c83f08094b:0 Defi Platform Trustedvolumes Hit By 6 7m Hack As 2026 Exploits Surge — www.tradingview.com · 2026-05-12
  • Halborn Security — github.com · 2026-05-12

Timeline

  • 2026-05-07 — Exploit on TrustedVolumes confirmed: TrustedVolumes reported a loss of approximately $6.7 million due to an exploit targeting its RFQ swap proxy.
  • 2026-05-07 — Blockaid identifies exploit details: Blockaid reported that the attacker used a vulnerability to register as an approved signer, draining funds from TrustedVolumes.
  • 2026-05-07 — 1inch distances itself from incident: 1inch clarified that its systems were unaffected by the TrustedVolumes exploit, emphasizing its independent operations.
  • 2026-05-08 — TrustedVolumes updates loss estimate: TrustedVolumes confirmed the total loss from the exploit increased to $6.7 million as more information became available.

Related entities

  • 0xSisyphus (Apt Group)
  • Data Breach (Attack Type)
  • Phishing (Attack Type)
  • 1inch (Company)
  • 1inch Fusion V1 (Company)
  • Bisq (Company)
  • Bybit (Company)
  • Drift Protocol (Company)
  • Ekubo Protocol (Company)
  • Kelp DAO (Company)
  • Sharwa.Finance (Company)
  • SmartCredit (Company)
  • TrustedVolumes (Company)
  • Arbitrum (Company)
  • Ethereum (Company)
  • Fusion (Company)
  • Drift (Campaign)
  • Australia (Country)
  • CWE-120 - Classic Buffer Overflow (Cwe)
  • CWE-287 - Improper Authentication (Cwe)
  • CWE-862 - Missing Authorization (Cwe)
  • 0x9bA0CF1588E1DFA905eC948F7FE5104dD40EDa31 (Eth)
  • 0xC3EBDdEa4f69df717a8f5c89e7cF20C1c0389100 (Eth)
  • Financial (Industry)
  • T1068 - Exploitation for Privilege Escalation (Mitre Attack)
  • T1190 - Exploit Public-Facing Application (Mitre Attack)
  • 1inch Fusion (Platform)
  • Ethereum Mainnet (Platform)
  • LayerZero (Platform)
  • Fusion V1 Bug (Vulnerability)