TrustedVolumes, a DeFi liquidity provider used by multiple protocols, has been exploited for approximately $6.7 million. Blockchain firm Blockaid identified the attack, which drained a mix of cryptocurrencies including WETH, USDT, WBTC, and USDC from a resolver contract on Ethereum. Security experts traced the hack to flaws in signer registration and replay protection, and noted the same attacker was behind a March 2025 1inch Fusion incident. The decentralized exchange aggregator 1inch has denied any exposure, stating its systems and user funds are unaffected.
An exploit has drained around $6.7 million from TrustedVolumes, a liquidity resolver used by multiple DeFi protocols. Blockchain analytics firm Blockaid identified the victim contract on Ethereum, with the attacker extracting a substantial mix of digital assets.
TrustedVolumes confirmed the breach and published addresses holding the stolen funds. The firm stated it was open to communication regarding a bug bounty and resolution.
Security experts linked the attack to a combination of critical vulnerabilities. Hakan Unal of Cyvers said the root cause was “permissionless signer registration, broken replay protection, and an unvalidated transfer source field.”
Unal warned that “The damage could have been far greater,” as the broken replay protection could have allowed repeated draining. The attacker routed funds through the exchange ChangeNow before swapping to ETH.
DeFi aggregator 1inch distanced itself from the incident after reports linked it to the breach. The platform stated that “neither 1inch nor any of the 1inch protocols are involved” and user funds were safe.
1inch co-founder Sergej Kunz tweeted that the framing was “confusing and harmful.” A company spokesperson said its design principles of built-in redundancy functioned as intended.
The incident follows other major DeFi exploits, including attacks on Drift Protocol and Kelp DAO. Nick Harris of CryptoCare noted the same attacker struck months apart, describing a “patient, targeted operator.”
