TrustedVolumes, an independent market maker and resolver used by 1inch Fusion, confirmed that it had been used and reported that approximately $6.7 million in stolen funds were held at three Ethereum addresses.
On Thursday postthe market maker said the stolen funds were split between three wallets, each containing approximately $3 million and the third containing approximately $700,000. TrustedVolumes said it is open to “constructive communication” regarding a bug bounty and a “mutually acceptable resolution.”
The confirmation came from Web3 security company Blockaid he said its exploit detection system identified an ongoing Ethereum exploit targeting TrustedVolumes. Blockaid said the attack targeted custom exchange infrastructure controlled by TrustedVolumes. Blockaid initially estimated that approximately $5.87 million was mined, including Wrapped Ether, USDT, Wrapped Bitcoin, and USDC.
Blockchain security company CertiK he said the attacker registered as a permitted order signatory through a public function and then used this authorization to execute orders that transferred funds away from targets.
The incident highlights the risks associated with third-party infrastructure used in decentralized exchange execution, where resolution entities and market makers can operate their own contracts even if this does not directly impact the underlying protocol and regular users. TrustedVolumes operates independently as a liquidity provider for a number of protocols, including 1inch, which says its own systems, infrastructure and user funds have not been impacted.
Cointelegraph reached out to TrustedVolumes for additional comment but did not receive a response via publication.
Source: Trusted volumes
1inch claims that none of its protocols have been compromised
In post X, 1 inch he said reports linking it directly to the TrustedVolumes exploit were “misleading,” adding that “neither the 1inch protocol nor any of the 1inch protocols are affected.” The platform stated that there is “no impact on 1-inch systems, infrastructure or user funds.”
Also co-founder of 1inch Sergej Kunz he said TrustedVolumes works independently and is not exclusive to the 1-inch version. “While it is true that 1inch uses TrustedVolumes as its resolver, we are one of many,” Kunz said.
Kunz said treating the exploit as a 1inch incident was “misleading and counterproductive,” adding that 1inch is monitoring the situation with security partners and will provide assistance if needed.
Related: Andre Cronje says DeFi is “no longer DeFi” as builders debate circuit breakers
Security researcher Vladimir Sobolev, known as Officer’s Notes on
Sobolev said the exploit highlights broader weaknesses in cryptographic security practices, where vulnerabilities can quickly cause immediate losses.
“We lack security in general. Blockchains simply provide immediate benefits,” Sobolev told Cointelegraph. “We need to pay more attention to kill switches, monitoring, circuit breakers, etc.”
Both Blockaid and Sobolew excellent that the attack was carried out by the same operator responsible for the March 2025 1inch Fusion V1 resolver exploit. However, Blockaid stated that the latest attack exploited a different vulnerability.
In March 2025, 1 in he said the vulnerability affected resolvers using an dated Fusion v1 implementation in their own contracts, while end-user funds remained unthreatening. SlowMist later track down approximately $5 million in stolen assets, including USDC and Wrapped Ether.
1inch and the affected troubleshooter negotiated with the attacker, who returned most of the stolen funds in a bug bounty deal. According to to 1 inch and Decurity’s autopsy.
Warehouse: North Korea denies cryptocurrency hacks, Upbit bank tests Ripple: Asia Express
