Hackers drained nearly $5.9 million from TrustedVolumes, a 1inch market maker and resolver on Ethereum. The attack targeted resolver infrastructure used for decentralized trade execution rather than ordinary 1inch user swaps. Stolen assets included 1,291.16 WETH ($3.02M), 16.94 WBTC ($1.37M), and ~$1.47M in stablecoins (USDC + USDT).
PeckShield flagged the exploit in a post on X, saying the attacker had already converted the stolen funds into about 2,513 ETH. Blockchain data show the funds moved through a newly deployed smart contract tied to suspicious settlement activity. However, available data suggests the breach affected backend liquidity infrastructure, not the standard 1inch trading interface used by most retail traders.
Resolver infrastructure comes under pressure
On-chain data shows the suspicious transaction was finalized in block 25,039,670 and had received more than 418 confirmations at the time of reporting. The funds were moved from wallet address 0xC3..9100 through a newly deployed smart contract believed to be tied to the exploit. Blockchain records also show transfers totaling about 1,291 WETH, valued at nearly $3 million.
The transaction involved multiple assets, including USDC, USDT, and WBTC, indicating the attacker consolidated several token movements within a single operation. Security researchers believe the exploit may have targeted a custom RFQ swap proxy associated with TrustedVolumes.
Meanwhile, blockchain security firm Blockaid linked the attacker to the March 2025 1inch Fusion V1 exploit, although the vulnerability appears different in this case.
The attack targeted resolver infrastructure rather than the public-facing 1inch platform used by most traders. These resolver systems help process trades and manage liquidity across decentralized exchanges. However, they also control large token balances and settlement functions, creating bigger risks when developers fail to secure custom contracts properly.
1inch responds
1inch issued a statement on May 7, denying involvement in a reported $5.9M exploit on TrustedVolumes, confirming no impact on their protocols, systems, infrastructure, or user funds.
It added, “We continue to monitor the situation and are actively assisting where appropriate alongside relevant security parties.”
DeFi security risks continue rising
The TrustedVolumes exploit adds to a growing series of attacks hitting deeper parts of the DeFi industry. Earlier incidents exposed weaknesses in trading routers, bridge systems, token approvals, and settlement tools. Recent attacks involving Ekubo Protocol and KelpDAO have also increased pressure on security teams across the sector.
Modern DeFi platforms now depend on multiple connected systems working together behind the scenes. A simple wallet swap can involve pricing engines, resolver contracts, settlement tools, and third-party integrations. As a result, a single weakness in one layer can quickly put millions of dollars at risk.
TrustedVolumes’ security incident brings out the bigger issue affecting decentralized finance platforms. More advanced trading platforms are continuously being created to attract users through their speed and efficiency. Nonetheless, with each additional layer comes another opportunity for hackers to find weaknesses.
Also Read: $41.5 Million Frozen: Inside the Takedown of the DSJ Exchange Ponzi Scheme
