The Blockaid exploit detection system has detected an ongoing TrustedVolumes exploit liquidity provider’s resolver contract on the Ethereum blockchain. So far, the attacker has already stolen approximately USD 5.8 million of assets from this contract. This includes: 1,291.16 Wrapped Ethereum (WETH), 206,282 USDT, 16.939 Wrapped Bitcoin (WBTC), and 1,268,771 USDC.
How the TrustedVolumes exploit works
The TrustedVolumes exploit involves the use of a unique Request For Quote (RFQ) swap proxy contract, which has been developed and controlled by the market maker (MM). Blockaid has revealed that the same operator was responsible for the 1inch Fusion V1 incident in March 2025, but the current vulnerability is different and unrelated to that previous attack. The exploit is still taking place. Stay tuned for additional updates, as more details are expected to follow.
Details of the attack
- Exploit tx: 0xc5c61b3ac39d854773b9dc34bd0cdbc8b5bbf75f18551802a0b5881fcb990513
- Victim contract: TrustedVolumes resolver → 0x9bA0CF1588E1DFA905eC948F7FE5104dD40EDa31
- Exploiter wallet: 0xC3EBDdEa4f69df717a8f5c89e7cF20C1c0389100
As a principal liquidity source and resolver for 1inch, one of decentralized finance (DeFi)’s biggest decentralized exchange (DEX) aggregators, compromising a market maker of this size should send up red flags concerning the safety of any RFQ-based trading platforms, where quotes are generated offchain and settled onchain.
Market Maker Reaction
Neither TrustedVolumes nor 1inch has released an official statement at the time of writing. The exploit remains active, with Blockaid continuing to monitor the situation.
Next Steps
This marks the fifth major exploit since the beginning of May, following a brutal April that saw over USD 600 million stolen across DeFi (the largest monthly sum since Bybit ′s USD 1.5 billion hack in February 2025). Security firms and DeFi protocols are urging liquidity providers to review their RFQ and proxy contract configurations.