1inch liquidity provider TrustedVolumes hit with ongoing exploit, draining nearly $6 million: Blockaid
Quick Take
- TrustedVolumes, 1inch liquidity provider and market maker, has been hit with an exploit that has so far drained $5.87 million, according to Blockaid.
- Blockaid said the attacker was the same entity that exploited 1inch Fusion V1 in March 2025, which drained around $5 million.
We'd love your feedback.
TrustedVolumes, a liquidity provider and market maker for decentralized exchange aggregator 1inch, is suffering an ongoing attack that has drained around $5.87 million, blockchain security firm Blockaid reported.
In a Wednesday post on social media platform X, Blockaid flagged that the exploit was affecting TrustedVolumes' resolver contract on the Ethereum blockchain.
According to Blockaid, the $5.87 million in drained funds included 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC.
The security firm stated that the attacker was the same entity responsible for the March 2025 exploit of 1inch Fusion V1, which drained around $5 million. However, Blockaid noted that the ongoing attack involves a different vulnerability related to a TrustedVolumes-controlled custom RFQ (request for quote) swap proxy.
Later on Thursday, TrustedVolumes confirmed the exploit, updating the amount of losses to around $6.7 million. It added that it will consider a bug bounty to solve the situation.
1inch not affected
Meanwhile, 1inch also released a statement on the TrustedVolumes exploit, explaining that there is no impact on its systems, infrastructure, or user funds.
"TrustedVolumes operate independently as a liquidity provider, used by multiple protocols across the industry, and are not exclusive to 1inch," the statement said. "We continue to monitor the situation and are actively assisting where appropriate alongside relevant security parties."
Attacks on DeFi participants have surged significantly since last month, marked by the $285 million social engineering attack on Drift and the $293 million exploit on Kelp DAO.
According to data from DefiLlama, a total of $635.2 million was stolen in hacks and exploits in April, which was the largest monthly sum since February 2025, when hackers stole nearly $1.5 billion from Bybit. The attack on TrustedVolumes marks the fifth major exploit since the beginning of May.
This is a developing story.
Story updated to include statements from TrustedVolumes and 1inch.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2026 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
