Back

TrustedVolumes Exploit Drains $6.7M from DeFi Liquidity Provider

Severity: High (Score: 65.2)

Sources: www.halborn.com, Mexc.Co, blog.1inch.com, Thedefiant, Castlecrypto.Gg

Summary

TrustedVolumes, a liquidity provider for DeFi protocols, suffered an exploit on May 7, 2026, leading to the theft of approximately $6.7 million in crypto assets. The attacker exploited a vulnerability in a custom request-for-quote (RFQ) swap proxy, allowing them to register as an approved order signer and drain funds. The stolen assets included 1,291 WETH, 206,282 USDT, 16.93 WBTC, and 1.26 million USDC, with the funds spread across three wallets. Blockchain security firms Blockaid and CertiK confirmed the attack and linked it to the same perpetrator behind the March 2025 1inch Fusion V1 exploit, although a different vulnerability was exploited this time. TrustedVolumes has expressed willingness to negotiate a bug bounty with the attacker. Despite the incident, 1inch clarified that its systems remain unaffected, emphasizing the independent operation of TrustedVolumes. The exploit is part of a troubling trend in DeFi, with multiple breaches reported in early May 2026. Key Points: • TrustedVolumes lost approximately $6.7 million due to an exploit on May 7, 2026. • The attacker exploited a vulnerability in a custom RFQ swap proxy, allowing unauthorized fund drainage. • 1inch confirmed no impact on its systems, distancing itself from the exploit linked to TrustedVolumes.

Key Entities

  • 0xSisyphus (apt_group)
  • Data Breach (attack_type)
  • Phishing (attack_type)
  • 1inch (company)
  • 1inch Fusion V1 (company)
  • Bisq (company)
  • Bybit (company)
  • Drift Protocol (company)
  • Drift (campaign)
  • Australia (country)
  • CWE-120 - Classic Buffer Overflow (cwe)
  • CWE-287 - Improper Authentication (cwe)
  • CWE-862 - Missing Authorization (cwe)
  • 0x9bA0CF1588E1DFA905eC948F7FE5104dD40EDa31 (eth)
  • 0xC3EBDdEa4f69df717a8f5c89e7cF20C1c0389100 (eth)
  • Financial (industry)
  • T1068 - Exploitation for Privilege Escalation (mitre_attack)
  • T1190 - Exploit Public-Facing Application (mitre_attack)
  • 1inch Fusion (platform)
  • Ethereum Mainnet (platform)
  • LayerZero (platform)
  • Fusion V1 Bug (vulnerability)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed