Another multi-million-dollar attack has hit the DeFi sector after liquidity provider and market maker TrustedVolumes fell victim to a smart contract exploit on Thursday night.<\/p>\n
On Thursday, DeFi platform TrustedVolumes, one of 1inch liquidity providers and market makers, suffered a new exploit that drained millions of dollars in multiple assets from the project.<\/p>\n
According to reports from blockchain security firms PeckShield and Blockaid, the attacker stole approximately $6 million in Wrapped Ethereum<\/a> (WETH), Wrapped Bitcoin (WBTC), USDT, and USDT after exploiting a vulnerability in the protocol\u2019s core signature validation logic, which allowed them to bypass authorization checks and forge trading orders.<\/p>\n Notably, the hacker quickly exchanged all assets for 2.513 ETH on a Decentralized Exchange (DEX) and distributed them across three addresses. In an X post, TrustedVolumes confirmed<\/a> the incident, sharing the addresses currently holding the stolen funds and updating the estimated loss to roughly $6.7 million.<\/p>\n The vulnerability was a TrustedVolumes-controlled custom RFQ (request for quote) swap proxy. Crypto researcher Humphrey explained<\/a> that \u201cthe Custom RFQ Swap Proxy contract contains a function designed to manage the \u2018authorized order signer\u2019 whitelist. Such whitelist mechanisms are common in DeFi\u2014only addresses on the whitelist can issue valid transaction instructions on behalf of the protocol.\u201d<\/p>\n However, he noted that \u201cthis registration function is public and lacks any permission modifiers.\u201d As a result, the attacker exploited this public function within the contract, registering themselves as an authorized order signer.<\/p>\n \u201cSince any external address can call this function, it is equivalent to giving everyone the ability to make a copy of the safe\u2019s key,\u201d the researcher continued.<\/p>\n The online reports revealed that the attacker was the same hacker responsible<\/a> for the $5 million 1inch Fusion V1 Settlement contract exploit in March 2025, which TrustedVolumes was the primary victim.<\/p>\n Humprey highlighted that while the same individual carried out both attacks<\/a>, they were significantly different on a technical level. According to the post, the 2025 vulnerability involved low-level EVM memory manipulation in the 1inch Fusion V1 Settlement contract.<\/p>\n At the time, the hacker \u201cproactively initiated on-chain negotiations,\u201d offering to return the stolen assets for a white hat bounty. The DeFi platform accepted the proposal, and most of the funds were safely returned.<\/p>\n Now, TrustedVolumes affirmed that it is \u201copen to constructive communication regarding a bug bounty and a mutually acceptable resolution.\u201d<\/p>\n Decentralized exchange aggregator 1inch clarified<\/a> that there was no impact on its systems, infrastructure, or user funds, explaining that \u201cTrustedVolumes operate independently as a liquidity provider, used by multiple protocols across the industry, and are not exclusive to 1inch.\u201d<\/p>\n DeFi Exploits See Historic Surge<\/p>\n This attack follows a wave of exploits that has shaken the DeFi sector over the past month. Last week, PeckShield revealed that the crypto space saw 40 major hacks in April, which drained approximately $647 million.<\/p>\n This figure represents a 1,140% Month-over-Month (MoM) increase from March\u2019s $52.2 million. It also represents a 292% surge from the $165 million the DeFi sector lost during the first quarter of 2026.<\/p>\n Notably, the top two incidents of the month, Drift Protocol<\/a>\u2019s $285 million and KelpDAO\u2019<\/a>s $290 million exploits, accounted for 91% of the funds lost last month. In addition, they now rank among the Top 10 hacks since 2021.<\/p>","protected":false},"excerpt":{"rendered":" Another multi-million-dollar attack has hit the DeFi sector after liquidity provider and market maker TrustedVolumes fell victim to a smart contract exploit on Thursday night. TrustedVolumes Hit By $6.7M Hack On Thursday, DeFi platform TrustedVolumes, one of 1inch liquidity providers and market makers, suffered a new exploit that drained millions of dollars in multiple assets […]<\/p>\n","protected":false},"author":0,"featured_media":162568,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-162567","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-discovery"],"_links":{"self":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts\/162567"}],"collection":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=162567"}],"version-history":[{"count":0,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts\/162567\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/media\/162568"}],"wp:attachment":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=162567"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=162567"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=162567"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Same Hacker, Different Attack<\/h2>\n