Quick Summary
TrustedVolumes, a liquidity provider linked to 1inch, has confirmed a security breach resulting in a loss of approximately $6.7 million. The exploit targeted a custom request-for-quote (RFQ) swap proxy under TrustedVolumes’ control, distinct from 1inch’s standard aggregation routes. The team has publicly expressed willingness to engage constructively with the attacker, aiming for a bounty-style resolution similar to previous incidents in the DeFi space.
Key Points
- TrustedVolumes suffered a hack involving roughly $6.7 million drained via its Ethereum resolver contract.
- Security firm Blockaid and others estimate about $5.87 million was taken, including significant amounts of WETH, USDT, WBTC, and USDC.
- The attacker’s address appears linked to the March 2025 1inch Fusion v1 hack, targeting the same market maker.
- The breach exploited a custom RFQ swap proxy unique to TrustedVolumes, not the core 1inch aggregation system.
- Funds stolen are currently held across three addresses, with balances around $3 million, $3 million, and $700,000.
- TrustedVolumes is open to communication with the hacker, hoping to negotiate a vulnerability bounty and potential fund recovery.
Context
This incident echoes a pattern seen in DeFi where attackers focus on complex, privileged contracts behind popular front-end platforms rather than the platforms themselves. The March 2025 1inch Fusion hack similarly exploited an outdated resolver contract linked to TrustedVolumes, draining funds before the router was updated.
1inch has emphasized that its core aggregation contracts remain secure and unaffected. The vulnerability was specific to TrustedVolumes’ custom RFQ proxy design, highlighting ongoing risks in third-party integrations and custom smart contract implementations.
In recent years, DeFi teams have increasingly sought to transform live exploits into "white hat" events by offering bug bounties and negotiating with attackers. Previous cases involving 1inch-adjacent protocols have seen substantial fund returns following dialogue and agreements with hackers.
My Take
While TrustedVolumes’ openness to engage with the attacker is a pragmatic approach, the outcome remains uncertain. Such negotiations can potentially mitigate losses and restore some confidence, but they depend heavily on the attacker’s willingness to cooperate.
This exploit underscores the complexity and risk inherent in custom smart contract solutions layered on top of established protocols. Even when core systems remain secure, vulnerabilities in auxiliary components can lead to significant financial damage.
For users and counterparties, this serves as a reminder to consider the broader ecosystem risks beyond the primary platform. Vigilance around third-party integrations and continuous security audits are essential in the evolving DeFi landscape.
What to Watch Next
- Whether TrustedVolumes and the attacker reach an agreement that leads to partial or full fund recovery.
- Any updates from security firms or blockchain analytics that clarify the attacker’s identity or movements of the stolen assets.
- Potential changes or upgrades to TrustedVolumes’ smart contracts to prevent similar exploits.
- Broader implications for 1inch and other DeFi protocols regarding the security of custom proxy contracts and third-party integrations.