Another multi-million-dollar attack has hit the DeFi sector after liquidity provider and market maker TrustedVolumes fell victim to a smart contract exploit on Thursday night.
TrustedVolumes Hit By $6.7M Hack
On Thursday, DeFi platform TrustedVolumes, one of 1inch liquidity providers and market makers, suffered a new exploit that drained millions of dollars in multiple assets from the project.
According to reports from blockchain security firms PeckShield and Blockaid, the attacker stole approximately $6 million in Wrapped Ethereum (WETH), Wrapped Bitcoin (WBTC), USDT, and USDT after exploiting a vulnerability in the protocolโs core signature validation logic, which allowed them to bypass authorization checks and forge trading orders.
Notably, the hacker quickly exchanged all assets for 2.513 ETH on a Decentralized Exchange (DEX) and distributed them across three addresses. In an X post, TrustedVolumes confirmed the incident, sharing the addresses currently holding the stolen funds and updating the estimated loss to roughly $6.7 million.
The vulnerability was a TrustedVolumes-controlled custom RFQ (request for quote) swap proxy. Crypto researcher Humphrey explained that โthe Custom RFQ Swap Proxy contract contains a function designed to manage the โauthorized order signerโ whitelist. Such whitelist mechanisms are common in DeFiโonly addresses on the whitelist can issue valid transaction instructions on behalf of the protocol.โ
However, he noted that โthis registration function is public and lacks any permission modifiers.โ As a result, the attacker exploited this public function within the contract, registering themselves as an authorized order signer.
โSince any external address can call this function, it is equivalent to giving everyone the ability to make a copy of the safeโs key,โ the researcher continued.
Same Hacker, Different Attack
The online reports revealed that the attacker was the same hacker responsible for the $5 million 1inch Fusion V1 Settlement contract exploit in March 2025, which TrustedVolumes was the primary victim.
Humprey highlighted that while the same individual carried out both attacks, they were significantly different on a technical level. According to the post, the 2025 vulnerability involved low-level EVM memory manipulation in the 1inch Fusion V1 Settlement contract.
At the time, the hacker โproactively initiated on-chain negotiations,โ offering to return the stolen assets for a white hat bounty. The DeFi platform accepted the proposal, and most of the funds were safely returned.
Now, TrustedVolumes affirmed that it is โopen to constructive communication regarding a bug bounty and a mutually acceptable resolution.โ
Decentralized exchange aggregator 1inch clarified that there was no impact on its systems, infrastructure, or user funds, explaining that โTrustedVolumes operate independently as a liquidity provider, used by multiple protocols across the industry, and are not exclusive to 1inch.โ
DeFi Exploits See Historic Surge
This attack follows a wave of exploits that has shaken the DeFi sector over the past month. Last week, PeckShield revealed that the crypto space saw 40 major hacks in April, which drained approximately $647 million.
This figure represents a 1,140% Month-over-Month (MoM) increase from Marchโs $52.2 million. It also represents a 292% surge from the $165 million the DeFi sector lost during the first quarter of 2026.
Notably, the top two incidents of the month, Drift Protocolโs $285 million and KelpDAOโs $290 million exploits, accounted for 91% of the funds lost last month. In addition, they now rank among the Top 10 hacks since 2021.
