TrustedVolumes, an independent market maker and resolver integrated with 1inch Fusion, confirmed it was exploited, revealing that roughly $6.7 million in stolen funds are currently spread across three Ethereum wallets.
In a post on X on Thursday, TrustedVolumes said two of the addresses each contain around $3 million, while a third wallet holds approximately $700,000. The firm added that it is open to “constructive communication” regarding a potential bug bounty arrangement and a “mutually acceptable resolution.”
The disclosure followed an alert from Web3 security firm Blockaid, which said its exploit monitoring system detected an active Ethereum attack targeting TrustedVolumes. According to Blockaid, the exploit involved a custom swap infrastructure controlled by TrustedVolumes and initially appeared to drain around $5.87 million worth of assets, including Wrapped Ether, USDT, Wrapped Bitcoin and USDC.
Blockchain security company CertiK said the attacker exploited a publicly accessible function to register as an authorized order signer. The attacker then allegedly used that permission to execute malicious orders that transferred funds from affected targets.
The incident underscores the security risks tied to third-party infrastructure used in decentralized exchange execution. In many cases, resolvers and market makers operate independent smart contracts even when the core protocol itself remains unaffected.
TrustedVolumes functions as a liquidity provider across several protocols, including 1inch, which emphasized that its own systems, infrastructure and user funds were not impacted by the exploit.

1inch has denied reports suggesting its protocols were compromised in connection with the TrustedVolumes exploit, calling claims tying the incident directly to 1inch “misleading.”
In a post on X, the decentralized exchange aggregator said that “neither 1inch nor any of the 1inch protocols are involved,” emphasizing that there was “no impact on 1inch systems, infrastructure or user funds.”
1inch co-founder Sergej Kunz said TrustedVolumes operates independently and serves multiple platforms beyond 1inch. “While it is true that 1inch uses TrustedVolumes as a resolver, we are one of many,” Kunz said.
Kunz added that describing the exploit as a 1inch-related breach was “confusing and harmful,” while noting that the company is continuing to monitor developments alongside security partners and will provide assistance where necessary.
Security researcher Vladimir Sobolev, known on X as Officer’s Notes, also told Cointelegraph that the exploit posed “no risk for 1inch users,” stressing that the vulnerability was isolated to TrustedVolumes.
Sobolev said the incident highlights broader shortcomings in crypto security infrastructure, where flaws can rapidly translate into direct financial losses.
“We lack security in general. Blockchains just tend to have an immediate payoff,” Sobolev said, adding that the industry needs stronger safeguards such as kill switches, real-time monitoring and circuit breakers.
Both Blockaid and Sobolev noted that the attacker appears to be the same operator behind the March 2025 exploit targeting a 1inch Fusion V1 resolver. However, Blockaid said the latest incident relied on a different vulnerability.
In March 2025, 1inch disclosed that a flaw affected resolvers using outdated Fusion V1 implementations in their own smart contracts, though user funds were not impacted. Blockchain security firm SlowMist later traced roughly $5 million in stolen assets, including USDC and Wrapped Ether.
Following that exploit, 1inch and the affected resolver reportedly negotiated with the attacker, who eventually returned most of the stolen funds as part of a bug bounty arrangement, according to postmortem findings published by 1inch and Decurity.
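
The root cause CertiK describes above (a publicly callable function that registers order signers) and two of the safeguards Sobolev names (a kill switch and a circuit breaker) can be modelled together. The Python model below is an added illustration, not code from TrustedVolumes, 1inch or any firm quoted here; the class, its method names and the outflow cap are assumptions, and order-signature verification is reduced to a set-membership check.

```python
# Hypothetical model of a resolver's settlement contract; every name here is
# an assumption for illustration, not TrustedVolumes' or 1inch's code.
class Halted(Exception):
    """Raised when a safeguard refuses an action."""

class ResolverVault:
    def __init__(self, owner, balance, window_cap, window_secs=3600,
                 open_registration=False):
        self.owner = owner
        self.balance = balance
        self.signers = {owner}
        self.paused = False                  # kill switch state
        self.window_cap = window_cap         # max outflow per time window
        self.window_secs = window_secs
        self.open_registration = open_registration  # True models the reported flaw
        self._window_start = self._window_out = 0

    def register_signer(self, caller, signer):
        # Access control: only the owner may authorize a new order signer.
        if not self.open_registration and caller != self.owner:
            raise Halted("register_signer: caller is not the owner")
        self.signers.add(signer)

    def pause(self, caller):
        if caller != self.owner:
            raise Halted("pause: caller is not the owner")
        self.paused = True

    def fill_order(self, signer, amount, now):
        if self.paused:
            raise Halted("vault is paused")
        if signer not in self.signers:
            raise Halted("order signer is not authorized")
        if amount > self.balance:
            raise Halted("insufficient balance")
        if now - self._window_start >= self.window_secs:
            self._window_start, self._window_out = now, 0   # new window
        if self._window_out + amount > self.window_cap:
            self.paused = True               # circuit breaker trips and latches
            raise Halted("outflow cap exceeded; vault paused")
        self._window_out += amount
        self.balance -= amount
        return self.balance

if __name__ == "__main__":
    vault = ResolverVault("owner", balance=1000, window_cap=100)
    try:
        vault.register_signer("outsider", "outsider")
    except Halted as err:
        print(err)   # registration refused for a non-owner caller
```

With `open_registration=True` the model accepts any caller as a signer, and the outflow cap is then the only control that limits the loss.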

