What Happened in the TrustedVolumes Exploit?
TrustedVolumes, a liquidity provider and market maker for decentralized exchange aggregator 1inch, has been hit by an ongoing exploit that has drained more than $6.7 million.
Blockchain security firm Blockaid initially estimated losses at $5.87 million, identifying the attack on the resolver contract deployed on Ethereum. The stolen funds included 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC.
TrustedVolumes later confirmed the incident and revised the total losses upward. The firm also indicated it may consider a bug bounty as part of its response.
According to Blockaid, the attacker is the same entity behind the March 2025 exploit of 1inch Fusion V1, which resulted in losses of around $5 million. The current attack, however, targets a different vulnerability linked to a custom request-for-quote swap proxy controlled by TrustedVolumes.
Is 1inch or Its Users Affected?
1inch stated that its systems, infrastructure, and user funds have not been impacted by the exploit. The company emphasized that TrustedVolumes operates independently as a liquidity provider and is used by multiple protocols across the industry.
“TrustedVolumes operate independently as a liquidity provider, used by multiple protocols across the industry, and are not exclusive to 1inch,” the company said, adding that it is monitoring the situation and assisting where needed alongside security partners.
The distinction highlights how DeFi ecosystems rely on interconnected participants, where vulnerabilities at the liquidity provider level can occur without directly compromising the core protocol.
Investor Takeaway
Why Are DeFi Exploits Increasing?
The TrustedVolumes incident comes amid a sharp increase in DeFi-related attacks. In April alone, total losses reached $635.2 million, marking the highest monthly total since February 2025, when nearly $1.5 billion was stolen in the Bybit breach.
Recent incidents include a $285 million social engineering attack on Drift and a $293 million exploit involving Kelp DAO. The TrustedVolumes exploit is the fifth major attack reported since the beginning of May.
The frequency of these incidents points to persistent weaknesses in smart contract design, integration layers, and operational security across DeFi infrastructure.
Investor Takeaway
What Does This Mean for DeFi Market Structure?
The exploit reinforces the complexity of DeFi market structure, where multiple independent actors interact through shared infrastructure. Liquidity providers, aggregators, and execution layers are often loosely coupled, making it difficult to fully isolate risk.
For institutional participants, this creates challenges in assessing counterparty exposure and operational reliability. Even when protocols provide strong security assurances, dependencies on third-party components can introduce vulnerabilities.
As capital flows increase, the focus is likely to shift toward stricter security standards, auditing practices, and clearer accountability across the ecosystem. Without these measures, repeated exploit cycles could limit broader adoption despite continued growth in trading activity.