TrustedVolumes
Summary
TrustedVolumes is an independent DeFi liquidity provider and market maker operating as a resolver within the 1inch ecosystem on Ethereum. On May 7, 2026, the platform suffered a $6.7 million exploit caused by a critical authorization flaw in its custom RFQ swap proxy contract, which allowed any external party to self-register as an approved order signer. The attacker responsible has been linked by blockchain security firm Blockaid to the March 2025 1inch Fusion V1 hack that drained approximately $5 million, marking the same operator as a serial exploiter targeting the 1inch resolver ecosystem.
Connected Entities
1 entities · 4 linked investigationsTimeline(10 events)
2023-01-01
1inch Fusion V2 released, deprecating the Fusion V1 settlement contract. Resolvers that did not migrate to V2 remained exposed to the legacy code.
Halborn: Explained The 1inch Hack March 20252025-03-05
1inch identifies a calldata corruption vulnerability in the deprecated Fusion V1 settlement contract affecting resolvers still using it, including TrustedVolumes. Approximately $5 million — 2.4 million USDC and 1,276 WETH — drained from affected resolvers.
CoinTelegraph: Hacker of 1inch resolver returns stolen funds after negotiation2025-03-06
1inch publicly discloses the Fusion V1 vulnerability one day after its discovery.
1inch Blog: Vulnerability discovered in resolver contract2025-03-07
SlowMist on-chain investigation confirms stolen assets from the 1inch Fusion V1 hack: 2.4 million USDC and 1,276 WETH.
CoinTelegraph: Hacker of 1inch resolver returns stolen funds after negotiation2025-03-01
1inch and the March 2025 Fusion V1 attacker reach a bug bounty agreement. The attacker returns the majority of the $5 million in stolen funds and retains a bounty fee.
CoinTelegraph: Hacker of 1inch resolver returns stolen funds after negotiation2026-05-07
TrustedVolumes' custom RFQ swap proxy on Ethereum is exploited. Attacker EOA 0xC3EBDdEa4f69df717a8f5c89e7cF20C1c0389100 self-registers as an authorized order signer via unprotected function `registerAllowedOrderSigner`, then drains 1,291 WETH, 16.939 WBTC, 206,282 USDT, and 1,268,771 USDC — approximately $6.7 million total. Blockaid flags the active exploit in real time.
Verichains: TrustedVolumes Exploit Analysis2026-05-07
Stolen assets converted to approximately 2,513 ETH and distributed across three Ethereum wallets. Funds routed through ChangeNow exchange in an alleged attempt to evade asset freezes.
Crypto Economy: TrustedVolumes Confirms $6.7M Exploit2026-05-07
1inch issues public statement denying any impact on its own systems, infrastructure, or user funds. Co-founder Sergej Kunz notes TrustedVolumes is one of multiple independent resolvers.
Decrypt: DeFi Platform TrustedVolumes Hit by $6.7M Exploit2026-05-07
Blockaid publicly attributes the TrustedVolumes exploit to the same operator behind the March 2025 1inch Fusion V1 hack, citing on-chain behavioral analysis.
The Block: 1inch liquidity provider TrustedVolumes hit with ongoing exploit2026-05-08
TrustedVolumes confirms the $6.7 million total loss and expresses openness to bug bounty negotiation with the attacker for a 'mutually acceptable resolution.'
CryptoNewsZ: TrustedVolumes Loses $6.7M in Exploit, Launches Bounty TalksDecision Log
- hash: 2ePynEnSVrVuSV3M5ehedFacuy2fWMrUk9jm2QYcjTog
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-code-investigator
generated: 5/26/2026, 7:54:22 PM
last updated: 5/26/2026, 7:54:26 PM
avoid.net — verified advice for a post-truth world