Security firms Blockaid and CertiK said the attacker exploited a publicly accessible function to register as an approved order signer before draining funds through malicious transactions. The stolen assets included Wrapped Ether, USDT, Wrapped Bitcoin, and USDC.
TrustedVolumes Exploit Drains $6.7M
TrustedVolumes, an independent market maker and resolver used by decentralized exchange aggregator 1inch Fusion, confirmed that it suffered a major exploit that resulted in approximately $6.7 million in stolen crypto assets.
The company revealed that the funds are currently spread across three Ethereum wallets, with two of the addresses holding roughly $3 million each and a third wallet containing close to $700,000. In a statement that was shared on X, TrustedVolumes said it was willing to engage in “constructive communication” with the attacker and appeared open to negotiating a bug bounty arrangement or another mutually acceptable resolution.
The exploit first came to light after blockchain security firm Blockaid identified suspicious activity involving TrustedVolumes’ Ethereum-based swap infrastructure. According to Blockaid, the attack targeted a custom swap system controlled by TrustedVolumes and initially resulted in an estimated loss of around $5.87 million. The stolen assets reportedly included Wrapped Ether, USDT, Wrapped Bitcoin, and USDC.
The estimate later increased as more information became available about the attacker’s movements across multiple wallets.
Security researchers later explained that the exploit involved the attacker registering themselves as an approved order signer through a publicly accessible function. Once authorized, the attacker was able to execute malicious orders that drained funds from the affected infrastructure.
Blockchain security company CertiK said the exploit proved how vulnerabilities in third-party infrastructure providers can create serious risks in the decentralized finance ecosystem.
Despite TrustedVolumes’ role in supporting 1inch Fusion trades, 1inch quickly clarified that its own systems were never compromised. The platform stated that its protocols, infrastructure, and user funds remained completely unaffected by the exploit. 1inch co-founder Sergej Kunz explained that TrustedVolumes operates independently and serves multiple protocols rather than functioning exclusively for 1inch.
Security researcher Vladimir Sobolev also pointed out that ordinary 1inch users were never at risk. However, he warned that the incident sheds some light on weaknesses across the crypto industry, particularly regarding the lack of safeguards like monitoring systems, circuit breakers, and emergency shutdown mechanisms.
Interestingly, investigators said that the same operator behind the March 2025 exploit involving outdated 1inch Fusion V1 resolver contracts was responsible for this latest attack. However, researchers said the vulnerability exploited this time was different from the previous incident.
