TrustedVolumes suffered a major security breach on Thursday after a hacker exploited vulnerabilities in its custom trading infrastructure and drained approximately $5.9 million in crypto assets.
The stolen funds reportedly included Ethereum, Wrapped Bitcoin, along with the stablecoins Tether and USD Coin.
Security Firms Reveal How the Exploit Happened
Blockchain security company Blockaid monitored the exploit in real time and reported that the attacker stole around 1,291 WETH, nearly 16.9 WBTC, about 206,000 USDT, and close to 1.27 million USDC.
Investigators said the breach targeted a weakness in TrustedVolumes’ custom Request for Quote settlement mechanism, commonly known as an RFQ proxy.
Security researchers at GoPlus Security explained that the attacker took advantage of a publicly accessible function called “registerAllowedOrderSigner,” which allowed anyone to register themselves as an approved signer for trades they controlled.
While the function itself was not necessarily dangerous, the real vulnerability emerged from the way the settlement system handled authorization checks. The protocol verified permissions against one wallet address while simultaneously pulling funds from another source.
According to a technical analysis published by security researcher Defi Nerd, the attacker exploited this mismatch to carry out four separate draining transactions against the TrustedVolumes resolver contract, which had already granted the proxy permission to move tokens.
Each transaction reportedly transferred assets out of the resolver contract while returning only a minimal amount of USDC in exchange. After obtaining the stolen WETH, the hacker converted it back into ETH and transferred the proceeds to personal wallet addresses.
TrustedVolumes Seeks Contact With Attacker
TrustedVolumes later confirmed the exploit and publicly shared three wallet addresses believed to contain the stolen assets. The company also requested that the attacker contact the team to discuss a possible bug bounty arrangement and negotiate a mutually acceptable resolution.
1inch Clarifies It Was Not Compromised
Because TrustedVolumes operates as a liquidity provider and market maker on 1inch, early reports initially described the incident as a breach involving the 1inch protocol itself.
However, both 1inch and Blockaid later clarified that the protocol was never compromised and that no user funds connected to 1inch were affected. TrustedVolumes functions independently across multiple decentralized finance platforms and is not exclusive to 1inch.
DeFi Sector Continues to Face Security Challenges
The attack adds to an already difficult period for the decentralized finance sector. During April alone, more than $650 million worth of cryptocurrency was reportedly stolen from various projects across the industry.
Among the largest incidents were exploits involving KelpDAO and Drift Protocol, which allegedly lost $292 million and $285.2 million respectively.
Although the TrustedVolumes exploit was smaller in financial scale, researchers noted that the technical complexity of the attack made it particularly significant. The hacker reportedly used a specialized helper contract, manipulated self registration permissions, and exploited inconsistencies between authorization checks and funding sources within a single transaction.#crypto#cryptonews https://coinsignals.net https://t.me/coinsignalpublic
