Another day, another decentralized finance (DeFi) exploit, the liquidity provider. TrustedVolumes has been targeted in a fresh attack causing losses of almost $5.87 million across some crypto-assets.
The breach is part of a growing list of vulnerabilities afflicting the ecosystem, and adds to the tally as at least five DeFi exploits have been reported this month.
Blockchain security firm Blockaid attributed the hack to an attacker who managed to successfully drain 1,291.16 WETH, 206,282 USDT, 16.939 WBTC and 1,268,771 USDC, all transacted on Ethereum network.
When news first broke, the scale of the breach was staggering, but even more staggering is that it happened as DeFi protocols are facing increased scrutiny for their security.
🚨 Blockaid's exploit detection system has identified an on-going exploit on TrustedVolumes (1inch market maker / resolver, @trustedvolumes ).
Chain: EthereumVictim contract: TrustedVolumes resolver — 0x9bA0CF1588E1DFA905eC948F7FE5104dD40EDa31
Exploiter:…
— Blockaid (@blockaid_) May 7, 2026
The attack is said to still be ongoing, which has created an urgency within security teams and the crypto community at large to stop any further losses. As money continues to change hands, investigators have begun tracking on-chain movements in real time.
Contents
- 1 Attacker Linked To Previous 1inch Fusion Hack
- 2 1inch Clarifies No Direct Impact On Protocol Or Users
- 3 Multifaceted Drain Sheds Light On The Complexity Of Modern Attacks
- 4 Increasing Monthly Share of Exploits Indicates Systemic Weakness
- 5 Response From the Industry and Continued Monitoring
- 6 A Defining Moment For The Maturity Of Security In DeFi
Attacker Linked To Previous 1inch Fusion Hack
In a troubling turn of events, Blockaid has linked the exploit of TrustedVolumes to the same actor that perpetrated the 1inch Fusion V1 March 2025 Attack. The connection suggests a pattern of serial attacks and raises tantalising questions about how established threat actors continue to exploit vulnerabilities across multiple DeFi underbelly.
This attacker’s return highlights an industry-wide systemic error of insufficient deterrence and improper coordination of defense strategies between protocols. The attacker had previously used them for attacks but has learned from mistakes and now specialised in conducting operations against new targets, using these natural weaknesses of liquidity infrastructures.
This is not a pattern that is rare to come by in DeFi. After identifying exploitable logic or systemic defects, an attacker often can improve their techniques and come back with more advanced methods. That’s the path that breaches like TrustedVolumes tend to follow, which is why it’s important to think about how to build a proactive security framework instead of a reactive one.
1inch Clarifies No Direct Impact On Protocol Or Users
The protocol issued an unambiguous notice in the wake of speculation regarding the exploit’s connection to 1inch. Its core systems, underpinning infrastructure and users’ funds are reported to be unaffected, said 1inch.
We are aware of misleading reports relating to an exploit involving TrustedVolumes. We can confirm that neither 1inch nor any of the 1inch protocols are involved.
There is no impact on 1inch systems, infrastructure or user funds.
TrustedVolumes operate independently as a…
— 1inch (@1inch) May 7, 2026
This arises from TrustedVolumes providing liquidity, being the protocol that interfaces with 1inch and others. Still, 1inch stressed that TrustedVolumes is a standalone dapp and not exclusive to its platform.
This distinction is crucial. Interconnectedness in DeFi means that third-part liquidity providers often deal with several platforms, forming an overlap of relations which leads to lapses in tracing security breaches.
Although 1inch’s infrastructure is still unaffected by this incident, the exploitation has shown that reading channels emanating directly from adjacent entities can be diverted and subsequently result in market distortion and user distrust.
The 1inch token continues to trade at normal conditions with no significant impact on the price or volume, currently trading at $0.098.
Multifaceted Drain Sheds Light On The Complexity Of Modern Attacks
This breakdown of stolen assets expands on the increasing sophistication of DeFi exploits The attacker targets four different tokens, WETH, USDT, WBTC, and USDC, which showcases an advanced understanding of liquidity flows and the interoperability of assets that exist within Ethereum.
This multi-asset approach allows attackers to spread out their risk and maximize recovery efficiency. Stablecoins (USDT, USDC) are instantly freshly liquid while wrapped assets (WETH or WBTC) offer deeper protocol level integration with DEXes/lending protocols.
Such attacks are rarely opportunistic. These usually involve extracting smart contracts and liquidity and usually require precise timing. This exploit pattern seems the playbook for TrustedVolumes, leveraging technical weaknesses and capital market structures to conduct impactful attacks.
The most worrying fact is that this is the fifth DeFi exploit in the same month. This indicates that it is more systemic than isolated, which may put many layers of the decentralized ecosystem in jeopardy.
Every exploit chips away at precisely that confidence not only in the afflicted actors, but all of DeFi. Repeated security breaches present significant worries for risk management, regulatory oversight, and the long term viability of the sector to institutional investors as well as newcomers.
Auditing, bug bounty programs and formal verification have all advanced yet attackers keep finding entry points. This suggests that existing security measures, even though getting better, are still not effective against bad actors who are still evolving towards more sophisticated behaviours.
One thing the industry is currently faced with is whether it can evolve its security standards faster than new threats rise.
Response From the Industry and Continued Monitoring
1inch acknowledged that it is carefully following the situation and working with its security partners in response to the exploit. These types of coordinated responses are the new norm in DeFi, where speed and information sharing are essential elements to containing the damage.
Meanwhile, blockchain analytics firms and security platforms track the attackers’ on-chain activity to detect patterns of exploitation and allow forensic investigations that may be used to freeze the effort when possible. However, due to the pseudonymous nature of blockchain transactions, recovery is a tedious process.
Details surrounding the incident with TrustedVolumes further highlights why we should be transparent. Addressing this breach upfront is an important step and reassures users, do your homework to mitigate misinformation during these times.
A Defining Moment For The Maturity Of Security In DeFi
With the growth of the DeFi ecosystem, TrustedVolumes exploit serve as stark reminders of dangers inherent to open monetary systems. Innovation and accessibility come along with a set-in-stone trade-off, and security happens to be one of them.
The return of familiar attackers, the increase in monthly exploits, and the sophistication of multi-asset breaches suggest that this is both an industry maturing and a hint into vulnerability. Going forward greater cooperation between protocols, liquidity providers and security companies will be needed.
In the end, sustainable growth in DeFi will depend on the sector’s ability to create scalable, yet resilient systems.
Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services.
Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news!
