Significant Breach of TrustedVolumes
In a significant breach, a hacker has begun the process of laundering digital assets amounting to $6.7 million that were stolen from the liquidity provider, TrustedVolumes. According to cybersecurity company PeckShield, the illicit actor has already transferred substantial amounts of Ethereum (ETH) since the theft occurred on May 7.
Laundering Activities
PeckShield has reported that approximately $278,000 has been laundered thus far, detailing the hacker’s methods, which include:
- A deposit of 10.2 ETH (valued at $23,600) to the mixing service Tornado Cash
- The conversion of 110 ETH (about $250,000) through THORChain into Bitcoin (BTC)
- An attempted transfer of 0.5 ETH to another platform called Railgun, which was later reverted
Response from TrustedVolumes
In response to this serious breach, TrustedVolumes has expressed a willingness to engage with the hacker. The firm publicly stated:
“We are open to constructive communication regarding a bug bounty and a mutually acceptable resolution.”
They have also disclosed the existence of three wallets linked to the theft, with:
- Two wallets holding assets valued at approximately $3 million
- A third containing around $700,000 in stolen cryptocurrencies
Vulnerability and Exploitation
The vulnerability that allowed this breach stems from a design flaw within TrustedVolumes’ order-settlement system. Blockchain security experts at QuillAudits explained that the hacker exploited this flaw in a single transaction, effectively draining the liquidity provider’s funds.
TrustedVolumes functions as a market maker and resolver for 1inch, delivering on-chain liquidity through a unique Request-for-Quote (RFQ) proxy model. This system is designed to allow pre-signed orders, but the implementation at TrustedVolumes failed to uphold the essential security measures that protect against such exploits. The maker’s authorization, replay protection, and inventory verification all failed, which enabled the attacker to carry out the heist with ease.
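The three controls named above (maker authorization, replay protection, inventory verification), shown as an added example that is not TrustedVolumes' or 1inch's code: a simplified off-chain model of settling a pre-signed RFQ order. It assumes HMAC as a stand-in for the on-chain signature check, and every name, key and amount in it is constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Order:
    maker: str
    taker: str
    maker_amount: int   # what the maker pays out
    taker_amount: int   # what the maker receives
    nonce: int
    signature: bytes = b""

def sign(key: bytes, o: Order) -> bytes:
    # The signature covers every economic field, so none can change after signing.
    fields = (o.maker, o.taker, o.maker_amount, o.taker_amount, o.nonce)
    return hmac.new(key, repr(fields).encode(), hashlib.sha256).digest()

def signed(key: bytes, o: Order) -> Order:
    return replace(o, signature=sign(key, o))

class Settlement:
    def __init__(self, maker_keys: dict, inventory: dict):
        self.maker_keys = maker_keys      # maker -> key (assumption: HMAC key)
        self.inventory = dict(inventory)  # maker -> balance available to fill
        self.used = set()                 # (maker, nonce) pairs already filled

    def settle(self, o: Order) -> str:
        key = self.maker_keys.get(o.maker)
        # 1. Maker authorization: the maker really signed these exact terms.
        if key is None or not hmac.compare_digest(sign(key, o), o.signature):
            return "rejected: maker authorization"
        # 2. Replay protection: each signed order fills at most once.
        if (o.maker, o.nonce) in self.used:
            return "rejected: replay"
        # 3. Inventory verification: never pay out more than the maker holds.
        if o.maker_amount <= 0 or o.maker_amount > self.inventory.get(o.maker, 0):
            return "rejected: inventory"
        self.used.add((o.maker, o.nonce))
        self.inventory[o.maker] -= o.maker_amount
        return "settled"

def demo():
    key = b"constructed-maker-key"  # constructed sample data
    book = Settlement({"maker": key}, {"maker": 100})
    good = signed(key, Order("maker", "taker", 60, 150, nonce=1))
    forged = replace(good, maker_amount=100, nonce=2)  # terms altered after signing
    too_big = signed(key, Order("maker", "taker", 60, 150, nonce=3))
    return [book.settle(o) for o in (good, good, forged, too_big)], book.inventory["maker"]
```

Each rejection branch corresponds to one of the three checks; removing any one of them lets the matching constructed order in `demo()` settle.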