Quick Summary
TrustedVolumes, a liquidity provider associated with the decentralized exchange aggregator 1inch, experienced a significant security breach resulting in the loss of approximately $5.87 million. The exploit targeted a custom Ethereum resolver contract used by TrustedVolumes, with the attacker linked to a previous 1inch Fusion V1 exploit from March 2025. This incident highlights ongoing risks related to custom proxy contracts and approval mechanisms within DeFi market-making infrastructure.
Key Points
- TrustedVolumes lost nearly $6 million, including 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC.
- The attack exploited a vulnerability in TrustedVolumes' custom RFQ swap proxy, distinct from standard user swap routes.
- Security firm Blockaid connected the attacker to the March 2025 1inch Fusion V1 exploit but noted a different weakness was exploited this time.
- CertiK reported the attacker registered as an AllowedOrderSigner via a public function, enabling unauthorized fund transfers.
- The incident underscores the risks of persistent approvals and custom permissioned contracts in DeFi market-making.
Context
This breach comes amid a challenging period for DeFi security. In April 2025 alone, protocols reportedly lost over $606 million due to various exploits, with major incidents involving Drift Protocol and Kelp DAO accounting for the bulk of losses. Additionally, Wasabi Protocol suffered a $5 million loss linked to a compromised admin key allowing malicious contract upgrades.
The TrustedVolumes exploit specifically targeted a custom resolver contract used for request-for-quote (RFQ) swaps, a mechanism designed to make trading more efficient but one that requires elevated permissions. Such permissions become a liability if they are not properly managed, because attackers can leverage them to drain funds.
Previous 1inch Fusion V1 exploits involved unsafe calldata handling and assumptions about resolver trust, leading to losses exceeding $5 million. The current incident, while related, exploited a different vulnerability unique to TrustedVolumes' setup.
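The bug class described in the Key Points (a public function that lets anyone register as an AllowedOrderSigner) and in the Context above (elevated permissions held by a custom RFQ proxy) can be made concrete with a minimal contract pair. This is an added illustration written for this summary; it is not TrustedVolumes', 1inch's, or any real resolver's code, and every contract name, function name, and the settlement logic are assumptions chosen to show the pattern. The first contract reproduces the weakness, the second shows the owner-gated registration and change events a defender would expect.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed below (inline so the file compiles without imports).
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// HYPOTHETICAL RFQ settlement proxy showing the bug class, not a real contract.
/// A market maker gives this proxy persistent ERC-20 approvals so settlement can
/// pull tokens from the maker's wallet on demand. Whoever is an allowed order
/// signer can therefore move every approved token.
contract VulnerableRfqProxy {
    address public immutable maker;                 // wallet holding funds and approvals
    mapping(address => bool) public allowedOrderSigner;

    constructor(address maker_) {
        maker = maker_;
    }

    // WEAKNESS: no access control. Any caller can add any address, including
    // themselves, to the allow-list in a single transaction.
    function addAllowedOrderSigner(address signer) external {
        allowedOrderSigner[signer] = true;
    }

    // Settlement path: an allowed signer can pull any approved token from the
    // maker and direct it to an arbitrary recipient.
    function settle(IERC20 token, address recipient, uint256 amount) external {
        require(allowedOrderSigner[msg.sender], "not an allowed signer");
        require(token.transferFrom(maker, recipient, amount), "transfer failed");
    }
}

/// HYPOTHETICAL hardened variant (assumed design, not any project's code).
/// Registration is restricted to the owner, every change is logged so monitoring
/// can alert on unexpected signer additions, and settlement is limited to
/// recipients the owner has explicitly approved.
contract HardenedRfqProxy {
    address public immutable maker;
    address public owner;
    mapping(address => bool) public allowedOrderSigner;
    mapping(address => bool) public allowedRecipient;

    event AllowedOrderSignerSet(address indexed signer, bool allowed);
    event AllowedRecipientSet(address indexed recipient, bool allowed);
    event Settled(address indexed signer, address indexed token, address indexed recipient, uint256 amount);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address maker_) {
        maker = maker_;
        owner = msg.sender;
    }

    // Only the owner can change who may sign orders; explicit removal is supported.
    function setAllowedOrderSigner(address signer, bool allowed) external onlyOwner {
        allowedOrderSigner[signer] = allowed;
        emit AllowedOrderSignerSet(signer, allowed);
    }

    // Only the owner can choose where settled funds may go.
    function setAllowedRecipient(address recipient, bool allowed) external onlyOwner {
        allowedRecipient[recipient] = allowed;
        emit AllowedRecipientSet(recipient, allowed);
    }

    // Settlement requires both a registered signer and a registered recipient,
    // so a compromised signer alone cannot redirect funds to a new address.
    function settle(IERC20 token, address recipient, uint256 amount) external {
        require(allowedOrderSigner[msg.sender], "not an allowed signer");
        require(allowedRecipient[recipient], "recipient not allowed");
        require(token.transferFrom(maker, recipient, amount), "transfer failed");
        emit Settled(msg.sender, address(token), recipient, amount);
    }
}
```

When reviewing a proxy that holds approvals on a market maker's behalf, the check this example points at is simple: list every function that writes to an allow-list or role mapping and confirm each one carries an access-control modifier, then confirm that changes emit events your monitoring actually subscribes to. The persistent-approval risk the summary mentions is separate from the access-control bug: even the hardened contract can move the whole approved balance, so approvals granted to such a proxy should be sized to expected settlement volume and revoked when the proxy is retired.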
My Take
While the TrustedVolumes exploit is a stark reminder of the complexities and risks inherent in DeFi infrastructure, it also emphasizes the need for continuous security audits and cautious management of contract permissions. Custom proxies and RFQ mechanisms offer efficiency gains but can introduce attack vectors if approval systems are not rigorously controlled. Users and market makers should remain vigilant about revoking unnecessary approvals and monitoring contract interactions.
It is important to note that this exploit appears isolated to TrustedVolumes’ specific contracts and does not necessarily implicate the broader 1inch user base. However, the incident contributes to a broader narrative about the fragility of permissioned DeFi components and the evolving tactics of attackers.
What to Watch Next
- Whether TrustedVolumes and related projects implement enhanced security measures or contract upgrades to mitigate similar risks.
- Potential responses from 1inch and other DeFi aggregators regarding the handling of custom resolvers and proxy contracts.
- Further analysis from security firms on the exploit’s technical details and any emerging vulnerabilities in RFQ swap proxies.
- Broader trends in DeFi exploits, particularly those involving complex approval systems and market-making tools.
- Community and user actions around revoking contract approvals to reduce exposure to similar attacks.