$6.7M Stolen from TrustedVolumes as 1inch Clarifies No Direct Involvement
TrustedVolumes, an independent resolver for 1inch Fusion, suffered a $6.7 million exploit, though 1inch clarified that its core systems, infrastructure, and user assets remained secure.
An independent resolver and market maker known as TrustedVolumes, which is utilized by 1inch Fusion, has acknowledged falling victim to an exploit and stated that approximately $6.7 million in pilfered assets are currently distributed among three separate Ethereum wallet addresses.
Through a Thursday statement on X, the market maker disclosed that the misappropriated assets were divided among three distinct wallets, where two of the addresses each contain roughly $3 million while the remaining address holds approximately $700,000. The company expressed willingness to engage in "constructive communication" regarding a potential bug bounty arrangement and seeking a "mutually acceptable resolution" to the situation.
This acknowledgment followed an alert from Blockaid, a Web3 security firm, which reported that its threat detection infrastructure had flagged an active Ethereum-based exploit specifically aimed at TrustedVolumes. According to Blockaid, the assault leveraged custom swap infrastructure under TrustedVolumes' control. The security company's preliminary assessment indicated that roughly $5.87 million had been siphoned off, comprising assets such as Wrapped Ether, USDT, Wrapped Bitcoin and USDC.
CertiK, another blockchain security firm, explained that the perpetrator gained authorization as an approved order signer via a publicly accessible function, subsequently leveraging this permission to carry out orders that siphoned assets from victim accounts.
This incident underscores the inherent dangers associated with third-party components utilized in decentralized exchange operations, demonstrating how resolvers and market makers can maintain separate contracts even when the primary protocol and regular users remain unaffected. As an independent liquidity provider serving various protocols including 1inch, TrustedVolumes operates autonomously, with 1inch clarifying that its proprietary systems, infrastructure and user assets were untouched by the breach.
Attempts by Cointelegraph to obtain further comments from TrustedVolumes were unsuccessful at the time of publication.
1inch says none of its protocols were breached
Through a statement posted on X, 1inch characterized media coverage that directly associated the platform with the TrustedVolumes security breach as "misleading," emphasizing that "neither 1inch nor any of the 1inch protocols are involved." The decentralized exchange protocol stressed that "no impact on 1inch systems, infrastructure or user funds" had occurred.
Sergej Kunz, who serves as co-founder of 1inch, further clarified that TrustedVolumes functions as an independent entity and does not work exclusively with 1inch. "While it is true that 1inch uses TrustedVolumes as a resolver, we are one of many," Kunz explained.
According to Kunz, characterizing this security incident as being 1inch-related was "confusing and harmful," while noting that 1inch continues to track the situation alongside security partners and stands ready to provide assistance as needed.
Vladimir Sobolev, a security researcher operating under the handle Officer's Notes on X, also confirmed to Cointelegraph that there existed "no risk for 1inch users," emphasizing that the vulnerability was confined exclusively to TrustedVolumes.
According to Sobolev, this exploit reveals more fundamental deficiencies in cryptocurrency security methodologies, where system weaknesses can rapidly result in substantial financial losses.
"We lack security in general. Blockchains just tend to have an immediate payoff. We need to pay more attention to kill switches, monitoring, circuit breakers, etc."
Vladimir Sobolev, Security Researcher
Blockaid and Sobolev both identified the perpetrator as the identical individual behind the March 2025 exploit targeting the 1inch Fusion V1 resolver. Nevertheless, Blockaid clarified that this most recent attack exploited a completely different security weakness.
During March 2025, 1inch disclosed that a security flaw had impacted resolvers utilizing an obsolete Fusion v1 implementation within their proprietary contracts, though end-user assets remained protected. SlowMist subsequently tracked approximately $5 million worth of misappropriated digital assets, which included USDC and Wrapped Ether.
The platform and the compromised resolver entered into negotiations with the perpetrator, who ultimately restored the majority of the stolen assets as part of a bug bounty arrangement, based on statements from 1inch and a post-incident analysis provided by Decurity.