TrustedVolumes, a liquidity provider and market maker serving 1inch Fusion and other protocols, lost roughly $6.7 million in an exploit on Ethereum. Web3 security firm Blockaid spotted the attack first, and TrustedVolumes confirmed the incident on Thursday.
The attack
Blockaid flagged suspicious activity on the Ethereum network before TrustedVolumes publicly acknowledged the drain. The attacker walked away with about $6.7 million, though how they gained access remains unclear. The security firm has not released a full post-mortem, and TrustedVolumes hasn't shared details of the vulnerability or whether any funds were frozen.
Who is TrustedVolumes
TrustedVolumes operates as a resolver and market maker — firms that provide liquidity for decentralized exchange aggregators. 1inch Fusion, a popular DEX aggregation tool, relies on its network of resolvers to execute swaps efficiently. The exploit doesn't directly impact 1inch's smart contracts, but it shows the risks in the middleware layer powering DeFi trades.
The response so far
TrustedVolumes confirmed the exploit on Thursday but provided no timeline for a recovery plan or whether it has paused operations. The company hasn't said if it will reimburse affected partners or users. Blockaid continues to investigate, but no law enforcement involvement has been publicly disclosed.
The timing isn't great. DeFi has been under pressure from regulators and hacks this year, and an exploit tied to a key liquidity provider adds to the unease. How the attacker managed to drain the contract — and whether TrustedVolumes can shore up its security — are the open questions as the weekend begins.
