Audit log

Every state-changing event for TrustedVolumes: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-26 19:54:26Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 422,351,480

   sig

   2JU3WKRNcuoL…j4vwar8mcopyexplorer ↗

   hash

   2ePynEnSVrVu…2QYcjTogcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (15919 B) ▸

   {"actor":"system:backfill","investigation_id":"67f1526c-b65e-438f-af3a-f9d897505d66","kind":"publish","page_slug":"trustedvolumes","published_at":"2026-05-26T19:54:26.658Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"TrustedVolumes","sections":[{"content":"On May 7, 2026, TrustedVolumes' custom request-for-quote (RFQ) swap proxy contract on Ethereum was exploited for approximately $6.7 million in digital assets. The attacker deployed an exploit contract and called the publicly accessible function `registerAllowedOrderSigner(address signer, bool allowed)` on the TrustedVolumes resolver contract at 0x9bA0CF1588E1DFA905eC948F7FE5104dD40EDa31 without any access controls preventing unauthorized callers. This allowed the attacker's EOA (0xC3EBDdEa4f69df717a8f5c89e7cF20C1c0389100) to be registered as a trusted order signer. With that elevated privilege, the attacker crafted four fill-order calls exploiting an additional vulnerability: the authorization check validated the signer against the receiver field, while tokens were sourced from the inventory field — two independently specified fields with no cross-validation. The attacker set `inventory` to TrustedVolumes' vault address and `receiver` to the exploit contract, draining pre-approved token balances. A nominal 4-wei USDC payment was returned per call to satisfy basic sanity checks. The primary attack transaction hash is 0xc5c61b3ac39d854773b9dc34bd0cdbc8b5bbf75f18551802a0b5881fcb990513. Security researchers from Cyvers additionally characterized the vulnerability as involving permissionless signer registration, broken replay protection, and an unvalidated transfer source field.","heading":"May 2026 Exploit: RFQ Swap Proxy Authorization Flaw","severity":"critical","sources":[{"credibility":2,"name":"Halborn: Explained The TrustedVolumes Hack May 2026","type":"research","url":"https://www.halborn.com/blog/post/explained-the-trustedvolumes-hack-may-2026"},{"credibility":2,"name":"Verichains: TrustedVolumes Exploit Analysis","type":"research","url":"https://blog.verichains.io/p/trustedvolumes-exploit-analysis"},{"credibility":2,"name":"Decrypt: DeFi Platform TrustedVolumes Hit by $6.7M Exploit","type":"news_article","url":"https://decrypt.co/367070/defi-platform-trustedvolumes-hit-by-6-7m-exploit"}]},{"content":"The exploit drained a total of approximately $6.7 million across four asset types from TrustedVolumes' inventory vault: 1,291 WETH, 16.939 WBTC, 206,282 USDT, and 1,268,771 USDC. Following the theft, the attacker converted the diverse tokens into approximately 2,513 ETH using a custom exchange proxy. The stolen funds were subsequently distributed across three Ethereum wallets — holding approximately $3 million, $3 million, and $700,000 respectively — and routed through the ChangeNow non-custodial exchange in an alleged attempt to evade asset freezes. TrustedVolumes confirmed the breach and the approximate distribution across the three wallets.","heading":"Assets Drained and Fund Flow","severity":"critical","sources":[{"credibility":2,"name":"Verichains: TrustedVolumes Exploit Analysis","type":"research","url":"https://blog.verichains.io/p/trustedvolumes-exploit-analysis"},{"credibility":2,"name":"Crypto Economy: TrustedVolumes Confirms $6.7M Exploit With Stolen Funds Spread Across Three Ethereum Wallets","type":"news_article","url":"https://crypto-economy.com/trustedvolumes-confirms-6-7m-exploit-with-stolen-funds-spread-across-three-ethereum-wallets/"},{"credibility":2,"name":"Web3 Is Going Great: TrustedVolumes Exploit","type":"news_article","url":"https://www.web3isgoinggreat.com/single/trustedvolumes-exploit"}]},{"content":"Blockchain security firm Blockaid attributed the May 2026 TrustedVolumes exploit to the same attacker responsible for the March 2025 1inch Fusion V1 hack. In that prior incident, the attacker exploited a calldata corruption buffer overflow in the `_settleOrder` function of 1inch's deprecated Fusion V1 settlement contract, allowing manipulation of the `interactionLength` variable to forge resolver addresses in serialized order data. That attack drained approximately $5 million — comprising 2.4 million USDC and 1,276 WETH — from resolver contracts still using the unsupported Fusion V1 implementation. The 2025 incident was resolved through negotiation: 1inch and the affected resolver reached a bug bounty agreement, and the majority of stolen assets were returned. The attacker in both cases targeted different vulnerabilities in the 1inch resolver ecosystem, and the reuse of the same operator across two separate incidents roughly 14 months apart represents an alleged pattern of serial exploitation. Blockaid's attribution was described as based on on-chain behavioral analysis linking the two operator addresses.","heading":"Repeat Attacker: Link to March 2025 1inch Fusion V1 Hack","severity":"high","sources":[{"credibility":2,"name":"The Block: 1inch liquidity provider TrustedVolumes hit with ongoing exploit","type":"news_article","url":"https://www.theblock.co/post/400332/1inch-trustedvolumes-exploit"},{"credibility":2,"name":"Halborn: Explained The 1inch Hack March 2025","type":"research","url":"https://www.halborn.com/blog/post/explained-the-1inch-hack-march-2025"},{"credibility":1,"name":"CoinTelegraph: Hacker of 1inch resolver returns stolen funds after negotiation","type":"news_article","url":"https://cointelegraph.com/news/1inch-loses-5m-hack-fusion-v1-smart-contract"},{"credibility":2,"name":"Cryptopolitan: $6.7M drained from 1inch market maker TrustedVolumes","type":"news_article","url":"https://www.cryptopolitan.com/6-7m-drained-1inch-trustedvolumes-defi-heist/"}]},{"content":"Following the exploit, 1inch issued a public statement denying any compromise of its own systems, infrastructure, or user funds. Co-founder Sergej Kunz stated that 1inch uses TrustedVolumes as one of multiple independent resolvers, and that built-in redundancy protects users from individual provider failures. 1inch emphasized that TrustedVolumes operates independently and that the exploited contract was a custom RFQ swap proxy controlled exclusively by TrustedVolumes, not a core 1inch protocol contract. Blockaid independently confirmed that the exploit did not involve any standard 1inch protocol contracts or affect end users transacting through 1inch.","heading":"1inch Response and Scope Clarification","severity":"medium","sources":[{"credibility":2,"name":"Decrypt: DeFi Platform TrustedVolumes Hit by $6.7M Exploit","type":"news_article","url":"https://decrypt.co/367070/defi-platform-trustedvolumes-hit-by-6-7m-exploit"},{"credibility":2,"name":"NewsBTC: DeFi Platform TrustedVolumes Hit By $6.7M Hack As 2026 Exploits Surge","type":"news_article","url":"https://www.newsbtc.com/news/defi-trustedvolumes-6-7m-hack-2026-exploits/"}]},{"content":"Following the exploit, TrustedVolumes publicly expressed openness to engagement with the attacker, stating it welcomed 'constructive communication regarding a bug bounty and a mutually acceptable resolution.' No specific bounty terms, deadlines, or fund recovery outcomes had been publicly confirmed as of the time of this investigation. This approach mirrors the resolution of the March 2025 1inch Fusion V1 incident, in which the attacker initiated on-chain negotiations and ultimately returned the majority of stolen funds in exchange for a bounty fee. Whether a similar resolution would occur in the TrustedVolumes case remained unconfirmed.","heading":"Bug Bounty Negotiation","severity":"medium","sources":[{"credibility":2,"name":"CryptoNewsZ: TrustedVolumes Loses $6.7M in Exploit, Launches Bounty Talks","type":"news_article","url":"https://www.cryptonewsz.com/trustedvolumes-exploit-launches-bounty-talks/"},{"credibility":2,"name":"NewsBTC: DeFi Platform TrustedVolumes Hit By $6.7M Hack As 2026 Exploits Surge","type":"news_article","url":"https://www.newsbtc.com/news/defi-trustedvolumes-6-7m-hack-2026-exploits/"}]},{"content":"TrustedVolumes operates as an independent liquidity provider and market maker, functioning as a resolver within the 1inch DeFi aggregator ecosystem on Ethereum. The platform is not a subsidiary or affiliate of 1inch but serves as one of multiple independent third-party resolvers that fill swap orders routed through the 1inch protocol. No public information is available regarding TrustedVolumes' founding team, corporate registration, or domicile. The platform's independent operational status was confirmed by both TrustedVolumes and 1inch following the May 2026 exploit.","heading":"Entity Background and Relationship to 1inch","severity":"low","sources":[{"credibility":2,"name":"NewsBTC: DeFi Platform TrustedVolumes Hit By $6.7M Hack As 2026 Exploits Surge","type":"news_article","url":"https://www.newsbtc.com/news/defi-trustedvolumes-6-7m-hack-2026-exploits/"}]}],"sources_used":[{"credibility":2,"name":"Decrypt: DeFi Platform TrustedVolumes Hit by $6.7M Exploit","type":"news_article","url":"https://decrypt.co/367070/defi-platform-trustedvolumes-hit-by-6-7m-exploit"},{"credibility":2,"name":"Halborn: Explained The TrustedVolumes Hack May 2026","type":"research","url":"https://www.halborn.com/blog/post/explained-the-trustedvolumes-hack-may-2026"},{"credibility":2,"name":"Verichains: TrustedVolumes Exploit Analysis","type":"research","url":"https://blog.verichains.io/p/trustedvolumes-exploit-analysis"},{"credibility":2,"name":"The Block: 1inch liquidity provider TrustedVolumes hit with ongoing exploit","type":"news_article","url":"https://www.theblock.co/post/400332/1inch-trustedvolumes-exploit"},{"credibility":2,"name":"The Defiant: 1inch Resolver TrustedVolumes Drained for $6.7M on Ethereum","type":"news_article","url":"https://thedefiant.io/news/defi/1inch-resolver-trustedvolumes-drained-for-usd6-7m-on-ethereum"},{"credibility":2,"name":"Cryptopolitan: $6.7M drained from 1inch market maker TrustedVolumes","type":"news_article","url":"https://www.cryptopolitan.com/6-7m-drained-1inch-trustedvolumes-defi-heist/"},{"credibility":2,"name":"Web3 Is Going Great: TrustedVolumes Exploit","type":"news_article","url":"https://www.web3isgoinggreat.com/single/trustedvolumes-exploit"},{"credibility":2,"name":"NewsBTC: DeFi Platform TrustedVolumes Hit By $6.7M Hack As 2026 Exploits Surge","type":"news_article","url":"https://www.newsbtc.com/news/defi-trustedvolumes-6-7m-hack-2026-exploits/"},{"credibility":2,"name":"Crypto Economy: TrustedVolumes Confirms $6.7M Exploit With Stolen Funds Spread Across Three Ethereum Wallets","type":"news_article","url":"https://crypto-economy.com/trustedvolumes-confirms-6-7m-exploit-with-stolen-funds-spread-across-three-ethereum-wallets/"},{"credibility":2,"name":"CryptoNewsZ: TrustedVolumes Loses $6.7M in Exploit, Launches Bounty Talks","type":"news_article","url":"https://www.cryptonewsz.com/trustedvolumes-exploit-launches-bounty-talks/"},{"credibility":1,"name":"CoinTelegraph: Hacker of 1inch resolver returns stolen funds after negotiation","type":"news_article","url":"https://cointelegraph.com/news/1inch-loses-5m-hack-fusion-v1-smart-contract"},{"credibility":2,"name":"Halborn: Explained The 1inch Hack March 2025","type":"research","url":"https://www.halborn.com/blog/post/explained-the-1inch-hack-march-2025"},{"credibility":1,"name":"1inch Blog: Vulnerability discovered in resolver contract","type":"official","url":"https://blog.1inch.com/vulnerability-discovered-in-resolver-contract/"}],"summary":"TrustedVolumes is an independent DeFi liquidity provider and market maker operating as a resolver within the 1inch ecosystem on Ethereum. On May 7, 2026, the platform suffered a $6.7 million exploit caused by a critical authorization flaw in its custom RFQ swap proxy contract, which allowed any external party to self-register as an approved order signer. The attacker responsible has been linked by blockchain security firm Blockaid to the March 2025 1inch Fusion V1 hack that drained approximately $5 million, marking the same operator as a serial exploiter targeting the 1inch resolver ecosystem.","timeline":[{"date":"2023-01-01","event":"1inch Fusion V2 released, deprecating the Fusion V1 settlement contract. Resolvers that did not migrate to V2 remained exposed to the legacy code.","source":"Halborn: Explained The 1inch Hack March 2025","source_url":"https://www.halborn.com/blog/post/explained-the-1inch-hack-march-2025"},{"date":"2025-03-05","event":"1inch identifies a calldata corruption vulnerability in the deprecated Fusion V1 settlement contract affecting resolvers still using it, including TrustedVolumes. Approximately $5 million — 2.4 million USDC and 1,276 WETH — drained from affected resolvers.","source":"CoinTelegraph: Hacker of 1inch resolver returns stolen funds after negotiation","source_url":"https://cointelegraph.com/news/1inch-loses-5m-hack-fusion-v1-smart-contract"},{"date":"2025-03-06","event":"1inch publicly discloses the Fusion V1 vulnerability one day after its discovery.","source":"1inch Blog: Vulnerability discovered in resolver contract","source_url":"https://blog.1inch.com/vulnerability-discovered-in-resolver-contract/"},{"date":"2025-03-07","event":"SlowMist on-chain investigation confirms stolen assets from the 1inch Fusion V1 hack: 2.4 million USDC and 1,276 WETH.","source":"CoinTelegraph: Hacker of 1inch resolver returns stolen funds after negotiation","source_url":"https://cointelegraph.com/news/1inch-loses-5m-hack-fusion-v1-smart-contract"},{"date":"2025-03-01","event":"1inch and the March 2025 Fusion V1 attacker reach a bug bounty agreement. The attacker returns the majority of the $5 million in stolen funds and retains a bounty fee.","source":"CoinTelegraph: Hacker of 1inch resolver returns stolen funds after negotiation","source_url":"https://cointelegraph.com/news/1inch-loses-5m-hack-fusion-v1-smart-contract"},{"date":"2026-05-07","event":"TrustedVolumes' custom RFQ swap proxy on Ethereum is exploited. Attacker EOA 0xC3EBDdEa4f69df717a8f5c89e7cF20C1c0389100 self-registers as an authorized order signer via unprotected function `registerAllowedOrderSigner`, then drains 1,291 WETH, 16.939 WBTC, 206,282 USDT, and 1,268,771 USDC — approximately $6.7 million total. Blockaid flags the active exploit in real time.","source":"Verichains: TrustedVolumes Exploit Analysis","source_url":"https://blog.verichains.io/p/trustedvolumes-exploit-analysis"},{"date":"2026-05-07","event":"Stolen assets converted to approximately 2,513 ETH and distributed across three Ethereum wallets. Funds routed through ChangeNow exchange in an alleged attempt to evade asset freezes.","source":"Crypto Economy: TrustedVolumes Confirms $6.7M Exploit","source_url":"https://crypto-economy.com/trustedvolumes-confirms-6-7m-exploit-with-stolen-funds-spread-across-three-ethereum-wallets/"},{"date":"2026-05-07","event":"1inch issues public statement denying any impact on its own systems, infrastructure, or user funds. Co-founder Sergej Kunz notes TrustedVolumes is one of multiple independent resolvers.","source":"Decrypt: DeFi Platform TrustedVolumes Hit by $6.7M Exploit","source_url":"https://decrypt.co/367070/defi-platform-trustedvolumes-hit-by-6-7m-exploit"},{"date":"2026-05-07","event":"Blockaid publicly attributes the TrustedVolumes exploit to the same operator behind the March 2025 1inch Fusion V1 hack, citing on-chain behavioral analysis.","source":"The Block: 1inch liquidity provider TrustedVolumes hit with ongoing exploit","source_url":"https://www.theblock.co/post/400332/1inch-trustedvolumes-exploit"},{"date":"2026-05-08","event":"TrustedVolumes confirms the $6.7 million total loss and expresses openness to bug bounty negotiation with the attacker for a 'mutually acceptable resolution.'","source":"CryptoNewsZ: TrustedVolumes Loses $6.7M in Exploit, Launches Bounty Talks","source_url":"https://www.cryptonewsz.com/trustedvolumes-exploit-launches-bounty-talks/"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision c3abdce7-fefc-4e5d-8503-27ba63cd64bacopy