Key Takeaways:
- Blockaid, a Blockchain security firm, identified an ongoing $5.87 million exploit of TrustedVolumes using Ethereum.
- 1inch stated that the attack had no impact on its protocols, infrastructure, and user funds.
- The exploit seems to be from the same operator behind the Fusion-V1 incident of March 2025, but using a different vulnerability.
A fresh DeFi security incident is putting liquidity infrastructure providers under pressure after TrustedVolumes, an independent market maker used by multiple protocols, suffered a multi-million-dollar exploit on Ethereum.
The attack was first flagged by blockchain security company Blockaid, which said the exploit was still active while funds continued moving from the compromised resolver contract.
TrustedVolumes Loses Nearly $6 Million in Ethereum Attack
According to Blockaid, the exploit targeted a TrustedVolumes resolver contract tied to RFQ swap execution infrastructure on Ethereum.
🚨 Blockaid’s exploit detection system has identified an on-going exploit on TrustedVolumes (1inch market maker / resolver, @trustedvolumes ).
Chain: EthereumVictim contract: TrustedVolumes resolver — 0x9bA0CF1588E1DFA905eC948F7FE5104dD40EDa31
Exploiter:…
— Blockaid (@blockaid_) May 7, 2026
The attacker wallet identified by researchers reportedly extracted around $5.87 million in digital assets, including approximately 1,291 WETH, 206,000 USDT, nearly 17 WBTC, and more than 1.26 million USDC.
Security researchers linked the exploit to a custom RFQ swap proxy controlled by TrustedVolumes rather than any core 1inch protocol infrastructure.
The exploiter address was also connected to the March 2025 Fusion V1 incident that previously impacted liquidity execution systems within the broader 1inch ecosystem. However, Blockaid stressed this latest exploit involves a separate vulnerability.
Read More: $7.6M DeFi Exploit Rocks Rhea Finance as Hackers Manipulate Pools in Hours
1inch Responds After Confusion Spreads Online
Shortly after the reports spread around crypto social media platforms’ 1inch issued a public statement clarifying that 1inch protocols were in no way involved, and therefore they suffered no significant loss.
The company said neither 1inch nor any official 1inch protocol was compromised. It also stated there was no impact on user funds, backend systems, or infrastructure.
1inch Says TrustedVolumes Operates Independently
1inch explained that TrustedVolumes acts as an independent liquidity provider used across multiple DeFi platforms and is not exclusive to the 1inch ecosystem. The protocol added that it is actively monitoring the situation and cooperating with relevant security teams where necessary.
That clarification became important after early reports incorrectly implied a direct protocol-level breach at 1inch itself. This update was beneficial in streamlining the trading and liquidity providing process on the platform, allowing traders to more easily navigate and avoid confuse.
DeFi Security Risks Continue to Escalate
Following this attack, there are many other serious DeFi hacks in circulation this year, with hackers mainly targeting liquidity routing systems, swap infrastructure, and execution layers as opposed to just attacking smart contracts.
Security firms have warned that modern DeFi architecture has become significantly more complex because protocols now rely on aggregators, RFQ engines, off-chain routing systems, and third-party liquidity integrations.
Data from DefiLlama previously showed crypto exploits surged sharply in recent months, with hundreds of millions of dollars lost across DeFi protocols and infrastructure providers.
The TrustedVolumes incident is already being viewed as another major reminder that liquidity infrastructure and routing systems remain one of the most vulnerable areas inside decentralized finance.
Read More: $290M KelpDAO Hack SHOCK: LayerZero Points to Fatal DVN Flaw, Lazarus Suspected
