TrustedVolumes Exploited for $6.7M in Latest DeFi Security Breach

TrustedVolumes, a liquidity resolver used by multiple DeFi protocols, was hit by an exploit that drained approximately $6.7 million. Blockchain security firm Blockaid identified the breach, with the attacker extracting 1,291 WETH, 206,282 USDT, 16.93 WBTC, and 1.26 million USDC.

The same operator is believed to be behind the March 2025 1inch Fusion V1 incident, this time exploiting a vulnerability in TrustedVolumes' custom RFQ swap proxy.

TrustedVolumes confirmed the breach and posted three wallet addresses holding the stolen funds, saying it is open to a bug bounty resolution.

Hakan Unal of Cyvers said the root cause was a combination of permissionless signer registration, broken replay protection, and an unvalidated transfer source field. The attacker acted as a trusted signer to drain victims without valid authorization, routing funds through exchange ChangeNow before swapping to ETH.

DeFi aggregator 1inch pushed back against reports linking it to the breach, stating that neither 1inch nor any of its protocols were involved. 1inch co-founder Sergej Kunz emphasized that while TrustedVolumes is one of many resolvers, the framing of the story is confusing and harmful.