Security Incident Involving TrustedVolumes
TrustedVolumes, a market maker and liquidity provider associated with 1inch, has lost approximately $5.87 million from its Ethereum resolver contract in a recent breach. According to Blockaid, a blockchain security firm, the exploit targeted a specific custom RFQ swap proxy under TrustedVolumes’ control, rather than the standard user swap mechanisms.
Details of the Attack
The assets stolen in the attack included substantial amounts of cryptocurrency: 1,291.16 Wrapped Ether (WETH), 206,282 Tether (USDT), 16.939 Wrapped Bitcoin (WBTC), and 1,268,771 USD Coin (USDC). Notably, Blockaid linked the perpetrator of this breach to a previous exploit in March 2025 that involved 1inch Fusion V1. However, the latest attack leveraged a distinct vulnerability associated with the TrustedVolumes system.
Context of DeFi Security
For context, the earlier 1inch Fusion V1 exploit, which impacted several third-party resolvers, reportedly resulted in losses exceeding $5 million due to mishandling of unsafe calldata and flawed trust assumptions in the resolvers involved.
Citing information from CertiK Alert, Binance News reported that the attacker utilized a public function to register as an AllowedOrderSigner, which enabled them to execute orders directing pre-authorized funds away from the victim’s address. CertiK has since advised users associated with the affected contract to revoke any permissions that were granted.
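The revocation advice above can be checked from event logs. The following is an added example, not code from CertiK, 1inch or TrustedVolumes: it replays ERC-20 Approval logs (in the JSON shape returned by eth_getLogs) and lists owners whose most recent approval to a given spender is still non-zero. All addresses and log entries are constructed placeholders.

```python
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 Approval topic0
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def _addr(topic):
    # Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes.
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, spender):
    """Map (owner, token) -> last approved amount, for non-zero approvals to spender."""
    spender = spender.lower()
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    latest = {}
    for log in ordered:
        topics = log["topics"]
        # ERC-721 Approval has the same topic0 but a fourth topic (tokenId): skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if _addr(topics[2]) != spender:
            continue
        latest[(_addr(topics[1]), log["address"].lower())] = int(log["data"], 16)
    # A later Approval of 0 is a revocation, so only non-zero entries remain at risk.
    return {key: amount for key, amount in latest.items() if amount > 0}

# --- Constructed sample data (placeholder addresses, not from the incident) ---
SPENDER, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20
TOKEN = "0x" + "11" * 20
OWNER1, OWNER2, OWNER3 = ("0x" + f"{i:02x}" * 20 for i in (1, 2, 3))

def _pad(addr):
    return "0x" + "00" * 12 + addr[2:]

def make_log(owner, spender, amount, block, index, extra_topic=None):
    topics = [APPROVAL_TOPIC, _pad(owner), _pad(spender)]
    if extra_topic is not None:          # ERC-721 shape: tokenId as a 4th topic
        topics.append(extra_topic)
    return {"address": TOKEN, "topics": topics, "data": "0x" + f"{amount:064x}",
            "blockNumber": hex(block), "logIndex": hex(index)}

SAMPLE_LOGS = [
    make_log(OWNER2, SPENDER, 0, 105, 0),            # OWNER2 revokes (listed out of order)
    make_log(OWNER1, SPENDER, MAX_UINT256, 100, 3),  # unlimited approval, never revoked
    make_log(OWNER2, SPENDER, 500, 101, 1),          # granted, revoked at block 105
    make_log(OWNER3, OTHER, 700, 102, 0),            # different spender
    make_log(OWNER3, SPENDER, 0, 103, 0, extra_topic="0x" + f"{7:064x}"),  # ERC-721 shape
]

if __name__ == "__main__":
    for (owner, token), amount in outstanding_approvals(SAMPLE_LOGS, SPENDER).items():
        print(f"revoke: owner={owner} token={token} approved={amount}")
```

The last approved amount is not the remaining allowance, because transferFrom can reduce an allowance without emitting Approval; confirm each hit against the token's `allowance(owner, spender)` before and after revoking.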
Trends in DeFi Security Breaches
This breach follows a run of DeFi security incidents, with reported losses surpassing $606 million within just the first 18 days of April, as outlined by Crypto.news using data from DefiLlama. Of these losses, Drift Protocol alone accounted for an estimated $285 million and Kelp DAO for around $292 million, so these two incidents were largely responsible for the April total.
Separately, Wasabi Protocol reported a loss of over $5 million across multiple networks, including Ethereum and Base, attributed to a compromised admin key that enabled attackers to modify contracts and siphon funds.
Implications of the TrustedVolumes Breach
The TrustedVolumes incident highlights ongoing vulnerabilities in resolver contracts and the approval systems around them. Such infrastructure often requires elevated permissions to move funds quickly and execute trades, and the risk grows when those permissions remain enabled after a contract enters a vulnerable state. Attackers can exploit these weaknesses by masquerading as trusted signers or rerouting funds through approved contracts. The breach did not affect all users of 1inch; evidence suggests that only the specific resolver and RFQ proxy setup used by TrustedVolumes was compromised.