A DeFi market maker, TrustedVolumes, lost approximately $6.7 million in digital assets after an attacker exploited a vulnerability in its custom swap infrastructure on Ethereum. The firm, which operates as a resolver for the 1inch Fusion protocol, confirmed the breach and stated the stolen funds were being held in three separate Ethereum wallets.
"The root cause was a combination of permissionless signer registration, broken replay protection, and an unvalidated transfer source field," Hakan Unal, senior security operations lead at crypto security firm Cyvers, told Decrypt. Security firm Blockaid was first to flag the unauthorized activity, with CertiK later identifying the specific attack vector that allowed the exploiter to register as a trusted signer and drain funds.
The stolen assets include approximately 1,291 Wrapped Ether (WETH), 1.26 million USDC, 206,282 USDT, and 16.93 Wrapped Bitcoin (WBTC), according to data from Blockaid. TrustedVolumes confirmed the total loss and published the three wallet addresses holding the funds, containing roughly $3 million, $3 million, and $700,000 respectively. The firm said on X it was "open to constructive communication regarding a bug bounty and a mutually acceptable resolution."
The decentralized finance aggregator 1inch moved to distance itself from the incident, emphasizing that its core protocol and user funds were not compromised. TrustedVolumes operates its own independent contracts, and while it serves as one of many liquidity sources for 1inch, the exploit was contained to its own systems. "We can confirm that neither 1inch nor any of the 1inch protocols are involved," the platform posted on X, adding that the framing of some reports was "ultimately confusing and harmful."
Attack Vector and Implications
The vulnerability allowed the attacker to obtain trusted-signer permissions by calling a public function, a flaw that security experts say could have led to even greater losses. "With replay protection nonfunctional, the attacker could have potentially drained additional approved accounts repeatedly," Cyvers' Unal noted. The incident highlights the persistent security challenges facing DeFi protocols that rely on complex smart contract interactions.
Blockchain analytics firms have reportedly linked the exploiter to a previous incident involving 1inch Fusion in March 2025, suggesting a persistent actor targeting vulnerabilities within the DeFi ecosystem. For its part, 1inch stated it is working with security partners to analyze the exploit and incorporate findings into its ongoing security and integration processes.
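The three root causes Cyvers names map to three checks a settlement contract has to make. The Python model below is an added illustration of those checks, not TrustedVolumes' or 1inch's code. It assumes a simplified design in which HMAC stands in for on-chain signature recovery and the transfer source must be the signing account, and every name and value in it is constructed.

```python
import hashlib
import hmac

def sign(key: bytes, order: dict) -> bytes:
    # HMAC stands in for the ECDSA signature a real contract would recover.
    msg = repr(sorted(order.items())).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class Settlement:
    """Toy model of a swap-settlement contract (assumed design)."""

    def __init__(self, owner: str):
        self.owner = owner
        self.signers = {}    # trusted signer account -> verification key
        self.filled = set()  # (signer, nonce) pairs already settled

    def register_signer(self, caller: str, signer: str, key: bytes) -> None:
        # Check 1: registration is gated on the owner, not open to any caller.
        if caller != self.owner:
            raise PermissionError("only the owner may register signers")
        self.signers[signer] = key

    def fill(self, order: dict, signer: str, sig: bytes) -> tuple:
        key = self.signers.get(signer)
        if key is None or not hmac.compare_digest(sig, sign(key, order)):
            raise PermissionError("order not signed by a trusted signer")
        # Check 2: the transfer source must be the signer's own account.
        if order["source"] != signer:
            raise ValueError("transfer source is not the signing account")
        # Check 3: a (signer, nonce) pair settles once; record it before paying out.
        slot = (signer, order["nonce"])
        if slot in self.filled:
            raise ValueError("order already filled")
        self.filled.add(slot)
        return (order["source"], order["taker"], order["amount"])

def outcome(call, *args) -> str:
    # Run one call and report "ok" or the name of the exception that blocked it.
    try:
        call(*args)
        return "ok"
    except (PermissionError, ValueError) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    s = Settlement(owner="ops")  # all accounts and keys here are constructed
    s.register_signer("ops", "maker", b"k1")
    o = {"source": "maker", "taker": "alice", "amount": 5, "nonce": 1}
    print(outcome(s.fill, o, "maker", sign(b"k1", o)))  # first fill
    print(outcome(s.fill, o, "maker", sign(b"k1", o)))  # same order again
    print(outcome(s.register_signer, "mallory", "mallory", b"k2"))
```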