{"id":19765,"date":"2026-05-07T06:42:08","date_gmt":"2026-05-07T06:42:08","guid":{"rendered":"https:\/\/cryptoted.net\/index.php\/2026\/05\/07\/trustedvolumes-loses-nearly-6m-in-fresh-1inch-linked-exploit\/"},"modified":"2026-05-07T06:42:08","modified_gmt":"2026-05-07T06:42:08","slug":"trustedvolumes-loses-nearly-6m-in-fresh-1inch-linked-exploit","status":"publish","type":"post","link":"https:\/\/cryptoted.net\/index.php\/2026\/05\/07\/trustedvolumes-loses-nearly-6m-in-fresh-1inch-linked-exploit\/","title":{"rendered":"TrustedVolumes loses nearly $6M in fresh 1inch-linked exploit"},"content":{"rendered":"<p> <br \/>\n<br \/><img decoding=\"async\" src=\"https:\/\/media.crypto.news\/2025\/10\/crypto-news-hacker-coder-security-option02.webp\" \/><\/p>\n<div>\n<p><strong>TrustedVolumes, a liquidity provider and market maker connected to 1inch, was hit by an ongoing exploit that drained about $5.87 million from its Ethereum resolver contract, <\/strong><a href=\"https:\/\/x.com\/blockaid_\/status\/2052198320420819089?s=20\" target=\"_blank\" rel=\"nofollow\"><strong>according<\/strong><\/a><strong> to blockchain security firm Blockaid.<\/strong><\/p>\n<div id=\"cn-block-summary-block_63a9abe695c9c0a51687e384708e9357\" class=\"cn-block-summary\">\n<p>\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/p>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Blockaid said TrustedVolumes lost nearly $6 million from its Ethereum resolver contract during the exploit.<\/li>\n<li>The attacker was linked to the earlier 1inch Fusion V1 exploit from March 2025.<\/li>\n<li>The case adds pressure on DeFi market makers to review approvals and custom proxy risks.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>The stolen assets <a href=\"https:\/\/bingx.com\/en\/flash-news\/post\/blockaid-flags-ethereum-attack-on-trustedvolumes-resolver-with-m-withdrawn?utm_source=chatgpt.com\" target=\"_blank\" rel=\"nofollow\">included<\/a> 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC. The attack affected a TrustedVolumes-controlled custom RFQ swap proxy, not a standard user swap route.<\/p>\n<p>Blockaid said the attacker was the same operator linked to the March 2025 1inch Fusion V1 exploit. However, the firm said the latest case used a different vulnerability tied to TrustedVolumes\u2019 custom RFQ swap proxy.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<p>The March 2025 incident also affected third-party resolvers using 1inch Fusion V1. BlockSec later said that exploit <a href=\"https:\/\/blocksec.com\/blog\/1inch-incident-from-calldata-corruption-to-forged-settlement-binary-exploitation-goes-on-chain\" target=\"_blank\" rel=\"nofollow\">caused<\/a> more than $5 million in losses after attackers abused unsafe calldata handling and resolver trust assumptions.<\/p>\n<p>CertiK Alert, <a href=\"https:\/\/www.binance.com\/en\/square\/post\/320415398035666\" target=\"_blank\" rel=\"nofollow\">cited<\/a> by Binance News, said the attacker used a public function to register as an AllowedOrderSigner. The attacker then executed orders that moved pre-authorized funds from the victim address. CertiK advised users to revoke approvals linked to the affected contract.<\/p>\n<h2 class=\"wp-block-heading\"><strong>DeFi security pressure keeps rising<\/strong><\/h2>\n<p>The TrustedVolumes attack came after a difficult April for DeFi security. Crypto.news <a href=\"https:\/\/crypto.news\/april-2026-worst-month-for-crypto-hacks\/\" target=\"_blank\">reported<\/a> that protocols lost more than $606 million in the first 18 days of April alone, based on DefiLlama data.<\/p>\n<p>That total was led by two large cases. Drift Protocol lost about $285 million, while <a href=\"https:\/\/crypto.news\/kelp-attack-spreads-risk-across-defi-293m-lost\/\" target=\"_blank\">Kelp DAO lost about $292 million<\/a>. Crypto.news said those two exploits accounted for most tracked April losses at that time.<\/p>\n<p>In a separate <a href=\"https:\/\/crypto.news\/wasabi-protocol-loses-over-5-million-in-multi-chain-exploit\/?utm_source=chatgpt.com\" target=\"_blank\">update<\/a>, crypto.news reported that Wasabi Protocol lost more than $5 million across Ethereum, Base, Berachain, and Blast. Security firms said a compromised admin key allowed attackers to upgrade contracts and drain funds.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Custom permissions remain a weak point<\/strong><\/h2>\n<p>The TrustedVolumes case puts attention back on resolver contracts, approval systems, and custom market-making tools. These systems often need special permissions to move funds and complete trades quickly.<\/p>\n<p>That structure can create risk when permissions remain active after contracts become vulnerable. It can also make losses larger when attackers find a way to act as trusted signers or route funds through approved contracts.<\/p>\n<p>The incident does not show that all 1inch users were directly affected. The available reports point to TrustedVolumes\u2019 own resolver and RFQ proxy setup as the affected area.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/crypto.news\/trustedvolumes-loses-nearly-6m-in-fresh-1inch-linked-exploit\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>TrustedVolumes, a liquidity provider and market maker connected to 1inch, was hit by an ongoing exploit that drained about $5.87 million from its Ethereum resolver contract, according to blockchain security firm Blockaid. Summary Blockaid said TrustedVolumes lost nearly $6 million from its Ethereum resolver contract during the exploit. The attacker was linked to the earlier [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":19766,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[23],"tags":[],"kronos_expire_date":[],"class_list":["post-19765","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-crypto"],"_links":{"self":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts\/19765","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/comments?post=19765"}],"version-history":[{"count":0,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts\/19765\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/media\/19766"}],"wp:attachment":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/media?parent=19765"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/categories?post=19765"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/tags?post=19765"},{"taxonomy":"kronos_expire_date","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/kronos_expire_date?post=19765"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}