Pray, allow me to impart the most lamentable news of TrustedVolumes, a liquidity provider of some repute, connected to the esteemed 1inch. This unfortunate establishment has fallen prey to a most audacious exploit, resulting in the loss of nearly six million pounds-or should I say, dollars-from its Ethereum resolver contract. So says the vigilant Blockaid, a firm of great consequence in the realm of blockchain security.
- Blockaid, with its ever-watchful eye, declares that TrustedVolumes has been relieved of nearly six million dollars from its Ethereum resolver contract during this exploit.
- The miscreant, it seems, is no stranger to such deeds, having been linked to the earlier 1inch Fusion V1 exploit of March 2025.
- This unfortunate affair places additional pressure upon DeFi market makers to scrutinize their approvals and the risks associated with custom proxies, lest they find themselves in a similar predicament.
The pilfered assets, a most impressive haul, included 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC. The attack, I must emphasize, affected a custom RFQ swap proxy controlled by TrustedVolumes, rather than a standard user swap route. A most cunning stratagem, indeed.
Blockaid, in its wisdom, asserts that the attacker is one and the same as the operator behind the March 2025 1inch Fusion V1 exploit. However, this latest escapade employed a different vulnerability, tied to TrustedVolumes’ custom RFQ swap proxy. A new trick, it would seem, for an old rogue.
The March 2025 incident, you may recall, also affected third-party resolvers using 1inch Fusion V1. BlockSec, another esteemed firm, later revealed that this exploit resulted in losses exceeding five million dollars, after attackers took advantage of unsafe calldata handling and resolver trust assumptions. A most unfortunate oversight, to be sure.
CertiK Alert, as cited by the ever-informative Binance News, explains that the attacker employed a public function to register as an AllowedOrderSigner. With this guise, the miscreant executed orders that transferred pre-authorized funds from the victim’s address. CertiK, in its benevolence, advises users to revoke approvals linked to the affected contract, lest they too fall victim to such deceit.
The Burdens of DeFi Security Grow Ever Heavier
The TrustedVolumes attack arrives on the heels of a most trying April for DeFi security. Crypto.news reports that protocols lost more than $606 million in the first 18 days of April alone, according to DefiLlama data. A most staggering sum, I must say.
This total was led by two particularly egregious cases. Drift Protocol, poor souls, lost about $285 million, while Kelp DAO suffered a loss of approximately $292 million. Crypto.news assures us that these two exploits accounted for the majority of tracked April losses at that time. A grim tally, indeed.
In a separate update, Crypto.news informs us that Wasabi Protocol lost more than $5 million across Ethereum, Base, Berachain, and Blast. Security firms attribute this loss to a compromised admin key, which allowed attackers to upgrade contracts and drain funds. A most unfortunate breach of trust.
Custom Permissions Prove a Most Vulnerable Weakness
The TrustedVolumes case draws attention once more to resolver contracts, approval systems, and custom market-making tools. These systems, while necessary for the swift movement of funds and completion of trades, often require special permissions that can become a liability when contracts fall prey to vulnerabilities.
This structure, alas, can exacerbate losses when attackers succeed in posing as trusted signers or routing funds through approved contracts. A most perilous situation, to be sure.
It bears mentioning that not all 1inch users were directly affected by this incident. The available reports indicate that TrustedVolumes’ own resolver and RFQ proxy setup were the areas compromised. A small consolation, perhaps, but one worth noting.
Read More
- Silver Rate Forecast
- USD ILS PREDICTION
- Gold Rate Forecast
- Brent Oil Forecast
- 🎄 Crypto’s Festive Flops: Why These Tokens Are More Grinch Than Santa! 🎁
- XRP’s Shocking 51,209% Liquidation Imbalance: Saylor’s One-Word Bitcoin Verdict and Cardano Founder’s Scam Alert
- How Bitmine’s Insatiable Ethereum Appetite Is Stirring the Crypto Tea ☕🐳
- Trump’s Crypto Gambit: Alt5’s Share Plunge 🚀💸
- SWIFT’s CIO Slams Ripple: ‘Lawsuits = Weakness? 💸⚖️’
- 🤑 HumidiFi’s Secret Sauce: $8.55B in a Week? Solana’s Whales Are Swooning! 🐳
2026-05-07 09:37