Independent market maker and resolver TrustedVolumes has confirmed it was exploited, with approximately $6.7 million in stolen funds now held across three Ethereum addresses. The incident, which targeted the firm’s custom swap infrastructure, has prompted the decentralized exchange aggregator 1inch to clarify that its own protocols and user funds were not affected.
Details of the exploit
In a post on X on Thursday, TrustedVolumes stated that the stolen funds were split across three wallets: two addresses each holding roughly $3 million and a third containing about $700,000. The market maker expressed openness to “constructive communication” regarding a bug bounty and a “mutually acceptable resolution.”
Also read: Ethics standoff threatens Senate progress on CLARITY Act crypto bill ahead of Thursday markup
The confirmation followed an alert from Web3 security company Blockaid, whose exploit detection system identified an ongoing attack on TrustedVolumes. Blockaid initially estimated that approximately $5.87 million had been extracted, including Wrapped Ether (WETH), Tether (USDT), Wrapped Bitcoin (WBTC), and USD Coin (USDC). Blockchain security firm CertiK later reported that the attacker registered as an allowed order signer through a public function, then used that authorization to execute fraudulent orders.
1inch distances itself from the incident
In a separate post on X, 1inch described reports linking it directly to the TrustedVolumes exploit as “misleading,” adding that “neither 1inch nor any of the 1inch protocols are involved.” The platform emphasized there was “no impact on 1inch systems, infrastructure or user funds.”
Also read: Circle stock surges 15% after strong earnings, $222M ARC token presale fuels stablecoin optimism
1inch co-founder Sergej Kunz further clarified that TrustedVolumes operates independently and is not exclusive to 1inch. “While it is true that 1inch uses TrustedVolumes as a resolver, we are one of many,” Kunz said. He noted that framing the exploit as a 1inch-related incident was “confusing and harmful,” and that 1inch is monitoring the situation with security partners.
Broader security concerns in DeFi
Security researcher Vladimir Sobolev, known as Officer’s Notes on X, told Cointelegraph that there was “no risk for 1inch users” and that the exploit was isolated to TrustedVolumes. However, he pointed to broader weaknesses in crypto security practices, stating: “We lack security in general. Blockchains just tend to have an immediate payoff. We need to pay more attention to kill switches, monitoring, circuit breakers, etc.”
Both Blockaid and Sobolev noted that the attack was carried out by the same operator responsible for a March 2025 exploit involving 1inch Fusion V1 resolvers. However, Blockaid confirmed that the latest attack exploited a different vulnerability. In the March 2025 incident, 1inch stated that a vulnerability affected resolvers using an outdated Fusion v1 implementation, while end-user funds remained safe. SlowMist later traced approximately $5 million in stolen assets, including USDC and Wrapped Ether. The attacker returned most of the funds under a bug bounty agreement.
Why this matters
This incident underscores the risks associated with third-party infrastructure in decentralized exchange execution. Resolvers and market makers often operate their own contracts, and vulnerabilities in those systems can lead to significant losses, even when the core protocol and ordinary users remain unaffected. The exploit highlights the need for enhanced security measures, including strong monitoring, kill switches, and circuit breakers, to protect against similar attacks in the future.
Conclusion
The $6.7 million exploit targeting TrustedVolumes serves as a reminder of the security challenges inherent in DeFi. While 1inch has confirmed that its own systems and users are safe, the incident raises important questions about the security of independent resolvers and market makers. As the industry continues to evolve, implementing stronger security protocols will be critical to maintaining trust and preventing future losses.
FAQs
Q1: Were 1inch user funds affected by the TrustedVolumes exploit?
No. 1inch has stated that its protocols, infrastructure, and user funds were not impacted. The exploit was isolated to TrustedVolumes’ custom swap infrastructure.
Q2: How did the attacker execute the exploit?
According to CertiK, the attacker registered as an allowed order signer through a public function, then used that authorization to execute fraudulent orders that transferred funds from the targets.
Q3: What is TrustedVolumes doing about the stolen funds?
TrustedVolumes has confirmed the exploit and stated it is open to “constructive communication” regarding a bug bounty and a mutually acceptable resolution. The stolen funds are currently held across three Ethereum addresses.
Be the first to comment