TrustedVolumes Drained $6.7 Million in Ethereum Exploit Linked to 1inch Fusion Operator

TrustedVolumes, a liquidity provider and resolver used by 1inch Fusion, confirmed on Thursday that it had been drained for roughly $6.7 million in an exploit on the Ethereum network.

“TrustedVolumes, a 1inch market maker and resolver, was recently hit by an exploit detected by an on-chain security platform, Blockaid”

AMBCrypto

Blockaid linked the exploit to the same operator behind the March 2025 1inch Fusion V1 incident, while saying it stems from a different vulnerability.

AMBCrypto

Blockaid said the stolen assets included 1,291 wrapped Ether, 16.9 wrapped Bitcoin, 206,282 USDT, and roughly 1.27 million USDC.

The Defiant also framed the incident as at least the fifth major DeFi exploit since the start of May, following an April that DefiLlama logged as the worst month on record by incident count, with 28 separate hacks totaling $635.2 million.

Cointelegraph reported that in an X post, 1inch said reports linking it directly to the TrustedVolumes exploit were “misleading,” adding that “neither 1inch nor any of the 1inch protocols are involved.”

Cointelegraph also quoted 1inch co-founder Sergej Kunz saying, “While it is true that 1inch uses TrustedVolumes as a resolver, we are one of many,” and said Kunz called the framing “confusing and harmful.”

Coinpaper

Security researcher Vladimir Sobolev told Cointelegraph there was “no risk for 1inch users,” and said the exploit was related only to TrustedVolumes.

Blockaid and CertiK, as described by Coinpaper, said the attacker exploited a publicly accessible function to register as an approved order signer before draining funds through malicious transactions.

Cointelegraph said both Blockaid and Sobolev noted the attack was carried out by the same operator responsible for the March 2025 1inch Fusion V1 resolver exploit, while Blockaid said the latest attack involved a different vulnerability.

“Rizwan is an experienced Crypto journalist with almost half a decade of experience covering everything related to the growing crypto industry — from price analysis to blockchain disruption”

Coinpedia

Cointelegraph quoted Sobolev warning that “We need to pay more attention to kill switches, monitoring, circuit breakers, etc.”

Coinpaper said CertiK viewed the incident as proof that vulnerabilities in third-party infrastructure providers can create serious risks in the decentralized finance ecosystem.

With TrustedVolumes’ funds described as spread across three Ethereum wallets—two holding roughly $3 million each and a third containing close to $700,000—the next step in the reporting is whether the attacker’s access can be contained as the industry debates safeguards like monitoring and emergency shutdown mechanisms.