TrustedVolumes, an independent market maker and resolver used by 1inch Fusion, confirmed it was exploited and said about $6.7 million in stolen funds are being held across three Ethereum addresses.
In a Thursday X post, the market maker said the stolen funds were split across three wallets, with two addresses each holding about $3 million and a third holding about $700,000. TrustedVolumes said it was open to “constructive communication” over a bug bounty and a “mutually acceptable resolution.”
The confirmation came after Web3 security company Blockaid said its exploit detection system had identified an ongoing Ethereum exploit targeting TrustedVolumes. Blockaid said the attack involved a TrustedVolumes-controlled custom swap infrastructure. Blockaid initially estimated that about $5.87 million had been extracted, including Wrapped Ether, USDT, Wrapped Bitcoin and USDC.
Blockchain security company CertiK said the attacker registered as an allowed order signer through a public function, then used that authorization to execute orders that transferred funds from the targets.
The incident highlights the risks around third-party infrastructure used in decentralized exchange execution, where resolvers and market makers can operate their own contracts even when the core protocol and ordinary users are not directly affected. TrustedVolumes operates independently as a liquidity provider for multiple protocols, including 1inch, which said its own systems, infrastructure and user funds were not affected.
Cointelegraph reached out to TrustedVolumes for additional comment but had not received a response by publication.
Source: TrustedVolumes
1inch says none of its protocols were breached
In an X post, 1inch said reports linking it directly to the TrustedVolumes exploit were “misleading,” adding that “neither 1inch nor any of the 1inch protocols are involved.” The platform said there was “no impact on 1inch systems, infrastructure or user funds.”
1inch co-founder Sergej Kunz also said TrustedVolumes operates independently and is not exclusive to 1inch. “While it is true that 1inch uses TrustedVolumes as a resolver, we are one of many,” Kunz said.
Kunz said the framing of the exploit as a 1inch-related incident was “confusing and harmful,” adding that 1inch is monitoring the situation with security partners and will assist where appropriate.
Related: Andre Cronje says DeFi is ‘no longer DeFi’ as builders debate circuit breakers
Security researcher Vladimir Sobolev, known as Officer’s Notes on X, also told Cointelegraph there was “no risk for 1inch users,” adding that the exploit was related only to TrustedVolumes.
Sobolev said the exploit points to broader weaknesses in crypto security practices, where vulnerabilities can quickly produce immediate losses.
“We lack security in general. Blockchains just tend to have an immediate payoff,” Sobolev told Cointelegraph. “We need to pay more attention to kill switches, monitoring, circuit breakers, etc.”
Both Blockaid and Sobolev noted that the attack was carried out by the same operator responsible for the March 2025 1inch Fusion V1 resolver exploit. However, Blockaid said the latest attack involved a different vulnerability.
In March 2025, 1inch said a vulnerability affected resolvers using an outdated Fusion v1 implementation in their own contracts, while end-user funds remained safe. SlowMist later traced about $5 million in stolen assets, including USDC and Wrapped Ether.
1inch and the affected resolver negotiated with the attacker, who returned most of the stolen funds under a bug bounty agreement, according to 1inch and Decurity’s postmortem.
Magazine: North Korea denies crypto hacks, Upbit’s bank tests Ripple: Asia Express
