The decentralized finance (DeFi) sector has once again been hit by a significant security breach, as TrustedVolumes, a liquidity provider used across multiple DeFi protocols, reportedly suffered an exploit resulting in the theft of approximately $6.7 million, around ₹56 crore, in crypto assets.
Resolver Contract Targeted on Ethereum Network
According to blockchain analytics firm Blockaid, the attack targeted a “resolver contract” operated by TrustedVolumes on the Ethereum network. The attacker exploited vulnerabilities in the system to drain digital assets, including approximately 1,291 WETH, 206,282 USDT, 16.93 WBTC, and 1.26 million USDC.
FCRF Academy Launches Premier Anti-Money Laundering Certification Program
Security researchers noted that the exploit shows similarities to earlier attack patterns linked to a March 2025 incident involving 1inch Fusion V1, although the latest breach used a different vulnerability vector. In this case, the attacker leveraged weaknesses in TrustedVolumes’ custom RFQ swap proxy infrastructure.
An RFQ swap proxy is a smart contract mechanism that facilitates token pricing and swaps between traders and liquidity providers or market makers. Security experts believe this system became the entry point for the exploit due to insufficient validation and flawed authorization controls.
Technical Flaws Allowed Unauthorized Withdrawals
TrustedVolumes has confirmed the breach and stated that it has identified three wallet addresses receiving stolen funds, valued at approximately $3 million, $3 million, and $700,000 respectively. The platform has also indicated it is open to discussions regarding a potential bug bounty and recovery process.
According to Hakan Unal, Senior Security Operations Lead at Cyvers, the exploit was caused by a combination of technical flaws, including permissionless signer registration, broken replay protection, and an unverified transfer source field. These weaknesses allowed the attacker to effectively impersonate a trusted signer and execute unauthorized withdrawals.
Experts further warned that the absence of proper replay protection could have enabled repeated exploitation, potentially increasing the total financial damage significantly if the issue had not been detected early.
“1 inch” Denies Impact on Core Systems
In response to media reports linking the breach to its ecosystem, 1inch, a major DeFi aggregator, clarified that neither its core systems nor user funds were impacted. The platform stated that TrustedVolumes is only one of several liquidity resolvers used within its broader infrastructure.
The company emphasized that its systems continued operating normally and that redundancy across resolvers ensured uninterrupted service. 1inch co-founder Sergej Kunz also stated that the exploit was external to the 1inch protocol and did not compromise its infrastructure.
Security analysts note that the incident adds to a growing list of high-value DeFi exploits in recent months. Earlier cases include the $285 million loss at Drift Protocol and a $293 million exploit linked to Kelp DAO, highlighting persistent vulnerabilities in cross-chain and liquidity systems.
Cybersecurity experts suggest that the attacker behind the TrustedVolumes exploit appears to be a highly strategic operator rather than a random hacker, carefully targeting system weaknesses over time. Such threat actors often study protocol behavior before executing precision-based attacks.
While TrustedVolumes has initiated an investigation and is tracking associated wallet activity, no confirmed recovery of stolen funds has been reported so far. The platform continues to coordinate with security partners and blockchain monitoring firms to trace the movement of assets.
