Another multi-million-dollar attack has hit the DeFi sector after liquidity provider and market maker TrustedVolumes fell victim to a smart contract exploit on Thursday night. Related Reading: Solana Eyes New Leg Up After Triangle Breakout – Is $96 The Next Stop? TrustedVolumes Hit By $6.7M Hack On Thursday, DeFi platform TrustedVolumes, one of 1inch liquidity providers and market makers, suffered a new exploit that drained millions of dollars in multiple assets from the project. According to reports from blockchain security firms PeckShield and Blockaid, the attacker stole approximately $6 million in Wrapped Ethereum (WETH), Wrapped Bitcoin (WBTC), USDT, and USDT after exploiting a vulnerability in the protocol’s core signature validation logic, which allowed them to bypass authorization checks and forge trading orders. Notably, the hacker quickly exchanged all assets for 2.513 ETH on a Decentralized Exchange (DEX) and distributed them across three addresses. In an X post, TrustedVolumes confirmed the incident, sharing the addresses currently holding the stolen funds and updating the estimated loss to roughly $6.7 million. The vulnerability was a TrustedVolumes-controlled custom RFQ (request for quote) swap proxy. Crypto researcher Humphrey explained that “the Custom RFQ Swap Proxy contract contains a function designed to manage the ‘authorized order signer’ whitelist. Such whitelist mechanisms are common in DeFi—only addresses on the whitelist can issue valid transaction instructions on behalf of the protocol.” However, he noted that “this registration function is public and lacks any permission modifiers.” As a result, the attacker exploited this public function within the contract, registering themselves as an authorized order signer. “Since any external address can call this function, it is equivalent to giving everyone the ability to make a copy of the safe’s key,” the researcher continued. Same Hacker, Different Attack The online reports revealed that the attacker was the same hacker responsible for the $5 million 1inch Fusion V1 Settlement contract exploit in March 2025, which TrustedVolumes was the primary victim. Humprey highlighted that while the same individual carried out both attacks, they were significantly different on a technical level. According to the post, the 2025 vulnerability involved low-level EVM memory manipulation in the 1inch Fusion V1 Settlement contract. At the time, the hacker “proactively initiated on-chain negotiations,” offering to return the stolen assets for a white hat bounty. The DeFi platform accepted the proposal, and most of the funds were safely returned. Now, TrustedVolumes affirmed that it is “open to constructive communication regarding a bug bounty and a mutually acceptable resolution.” Decentralized exchange aggregator 1inch clarified that there was no impact on its systems, infrastructure, or user funds, explaining that “TrustedVolumes operate independently as a liquidity provider, used by multiple protocols across the industry, and are not exclusive to 1inch.” DeFi Exploits See Historic Surge This attack follows a wave of exploits that has shaken the DeFi sector over the past month. Last week, PeckShield revealed that the crypto space saw 40 major hacks in April, which drained approximately $647 million. Related Reading: $150M Crypto Ponzi Crumbles: $41.5M Frozen In DSJ Exchange Collapse This figure represents a 1,140% Month-over-Month (MoM) increase from March’s $52.2 million. It also represents a 292% surge from the $165 million the DeFi sector lost during the first quarter of 2026. Notably, the top two incidents of the month, Drift Protocol’s $285 million and KelpDAO’s $290 million exploits, accounted for 91% of the funds lost last month. In addition, they now rank among the Top 10 hacks since 2021. Featured Image from Unsplash.com, Chart from TradingView.com
