Written by Ezra Reguerra⁠, Staff Writer. Reviewed by Bryan O’Shea⁠, Staff Editor.

Written by Ezra Reguerra⁠, Staff Writer.

Reviewed by Bryan O’Shea⁠, Staff Editor.

TrustedVolumes hit by $6.7M exploit as 1inch denies breach

Latest NewsPublishedMay 7, 2026

1inch stated its protocols, infrastructure and user funds were not affected by the exploit targeting independent resolver TrustedVolumes.

TrustedVolumes, an independent market maker and resolver used by 1inch Fusion, verified it was exploited and stated about $6.7 million in stolen funds are being held across three Ethereum addresses.

In a Thursday X post, the market maker stated the stolen funds were split across three wallets, with two addresses each holding about $3 million and a third holding about $700,000. TrustedVolumes stated it was open to “constructive communication” over a bug bounty and a “mutually acceptable resolution.”

The confirmation came after Web3 security company Blockaid stated its exploit detection system had identified an ongoing Ethereum exploit targeting TrustedVolumes. Blockaid stated the attack involved a TrustedVolumes-controlled custom swap infrastructure. Blockaid initially estimated that about $5.87 million had been extracted, including Wrapped Ether, USDT, Wrapped Bitcoin and USDC.

Blockchain security company CertiK stated the attacker registered as an allowed order signer through a public function, then used that authorization to execute orders that transferred funds from the targets.

The incident highlights the risks around third-party infrastructure used in decentralized exchange execution, where resolvers and market makers can operate their own contracts even when the core protocol and ordinary users are not directly affected. TrustedVolumes operates independently as a liquidity provider for multiple protocols, including 1inch, which stated its own systems, infrastructure and user funds were not affected.

Cointelegraph reached out to TrustedVolumes for additional comment but had not received a response by publication. 

Source: TrustedVolumes

1inch says none of its protocols were breached

In an X post, 1inch stated reports linking it directly to the TrustedVolumes exploit were “misleading,” adding that “neither 1inch nor any of the 1inch protocols are involved.” The platform stated there was “no impact on 1inch systems, infrastructure or user funds.”

1inch co-founder Sergej Kunz also stated TrustedVolumes operates independently and is not exclusive to 1inch. “While it is true that 1inch uses TrustedVolumes as a resolver, we are one of many,” Kunz stated.

Kunz stated the framing of the exploit as a 1inch-related incident was “confusing and harmful,” adding that 1inch is monitoring the situation with security partners and will assist where appropriate.

Related: Andre Cronje says DeFi is ‘no longer DeFi’ as builders debate circuit breakers

Security researcher Vladimir Sobolev, known as Officer’s Notes on X, also told Cointelegraph there was “no risk for 1inch users,” adding that the exploit was related only to TrustedVolumes. 

Sobolev stated the exploit points to broader weaknesses in crypto security practices, where vulnerabilities can quickly produce immediate losses. 

“We lack security in general. Blockchains just tend to have an immediate payoff,” Sobolev told Cointelegraph. “We need to pay more attention to kill switches, monitoring, circuit breakers, etc.”

Both Blockaid and Sobolev pointed out that the attack was carried out by the same operator responsible for the March 2025 1inch Fusion V1 resolver exploit. nevertheless, Blockaid stated the latest attack involved a different vulnerability.

In March 2025, 1inch stated a vulnerability affected resolvers using an outdated Fusion v1 implementation in their own contracts, while end-user funds remained safe. SlowMist later traced about $5 million in stolen assets, including USDC and Wrapped Ether.

1inch and the affected resolver negotiated with the attacker, who returned most of the stolen funds under a bug bounty agreement, as reported by 1inch and Decurity’s postmortem.

Magazine: North Korea denies crypto hacks, Upbit’s bank tests Ripple: Asia Express

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

• Security
• Cybersecurity
• Hacks
• Scams
• DeFi
• Blockchain

More on the subject

Polygon reduces block time to 1.75 seconds as payments push accelerates

2 hours ago

Zoltan Vardai

BNY eyes institutional Bitcoin, Ethereum custody for investors in UAE

7 hours ago

Amin Haqshanas

Quantum attacks could worsen without proof of ownership: Near One

9 hours ago

Brayden Lindrea

Polygon reduces block time to 1.75 seconds as payments push accelerates

2 hours ago

Zoltan Vardai

BNY eyes institutional Bitcoin, Ethereum custody for investors in UAE

7 hours ago

Amin Haqshanas

Quantum attacks could worsen without proof of ownership: Near One

9 hours ago

Brayden Lindrea