Currencies38126
Market Cap$ 2.28T+1.68%
24h Spot Volume$ 26.91B-18.7%
DominanceBTC56.42%+0.48%ETH9.43%+0.14%
ETH Gas0.15 Gwei
Cryptorank
/

DeFi Platform TrustedVolumes Hit By $6.7M Hack As 2026 Exploits Surge

DeFi Platform TrustedVolumes Hit By $6.7M Hack As 2026 Exploits Surge

Share:

AI Overview

TrustedVolumes, a DeFi liquidity provider and market maker, was exploited on Thursday with an estimated loss of ~$6.7M after a public RFQ swap proxy whitelist function was abused; stolen WETH, WBTC and USDT were quickly swapped to 2.513 ETH and moved to three addresses. The attacker appears to be the same actor behind the March 2025 1inch Fusion V1 $5M exploit; TrustedVolumes is open to bug-bounty negotiations while 1inch says its own systems and user funds were not affected. The hack comes amid a DeFi security surge: April recorded 40 major hacks totaling ~$647M (1,140% MoM increase from March’s $52.2M), with Drift ($285M) and KelpDAO ($290M) making up 91% of April losses, underscoring elevated crypto/DeFi security risks.

Bearish

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Another multi-million-dollar attack has hit the DeFi sector after liquidity provider and market maker TrustedVolumes fell victim to a smart contract exploit on Thursday night.

TrustedVolumes Hit By $6.7M Hack

On Thursday, DeFi platform TrustedVolumes, one of 1inch liquidity providers and market makers, suffered a new exploit that drained millions of dollars in multiple assets from the project.

According to reports from blockchain security firms PeckShield and Blockaid, the attacker stole approximately $6 million in Wrapped Ethereum (WETH), Wrapped Bitcoin (WBTC), USDT, and USDT after exploiting a vulnerability in the protocol’s core signature validation logic, which allowed them to bypass authorization checks and forge trading orders.

Notably, the hacker quickly exchanged all assets for 2.513 ETH on a Decentralized Exchange (DEX) and distributed them across three addresses. In an X post, TrustedVolumes confirmed the incident, sharing the addresses currently holding the stolen funds and updating the estimated loss to roughly $6.7 million.

Defi

The vulnerability was a TrustedVolumes-controlled custom RFQ (request for quote) swap proxy. Crypto researcher Humphrey explained that “the Custom RFQ Swap Proxy contract contains a function designed to manage the ‘authorized order signer’ whitelist. Such whitelist mechanisms are common in DeFi—only addresses on the whitelist can issue valid transaction instructions on behalf of the protocol.”

However, he noted that “this registration function is public and lacks any permission modifiers.” As a result, the attacker exploited this public function within the contract, registering themselves as an authorized order signer.

“Since any external address can call this function, it is equivalent to giving everyone the ability to make a copy of the safe’s key,” the researcher continued.

Same Hacker, Different Attack

The online reports revealed that the attacker was the same hacker responsible for the $5 million 1inch Fusion V1 Settlement contract exploit in March 2025, which TrustedVolumes was the primary victim.

Humprey highlighted that while the same individual carried out both attacks, they were significantly different on a technical level. According to the post, the 2025 vulnerability involved low-level EVM memory manipulation in the 1inch Fusion V1 Settlement contract.

At the time, the hacker “proactively initiated on-chain negotiations,” offering to return the stolen assets for a white hat bounty. The DeFi platform accepted the proposal, and most of the funds were safely returned.

Now, TrustedVolumes affirmed that it is “open to constructive communication regarding a bug bounty and a mutually acceptable resolution.”

Decentralized exchange aggregator 1inch clarified that there was no impact on its systems, infrastructure, or user funds, explaining that “TrustedVolumes operate independently as a liquidity provider, used by multiple protocols across the industry, and are not exclusive to 1inch.”

DeFi Exploits See Historic Surge

This attack follows a wave of exploits that has shaken the DeFi sector over the past month. Last week, PeckShield revealed that the crypto space saw 40 major hacks in April, which drained approximately $647 million.

This figure represents a 1,140% Month-over-Month (MoM) increase from March’s $52.2 million. It also represents a 292% surge from the $165 million the DeFi sector lost during the first quarter of 2026.

Notably, the top two incidents of the month, Drift Protocol’s $285 million and KelpDAO’s $290 million exploits, accounted for 91% of the funds lost last month. In addition, they now rank among the Top 10 hacks since 2021.

DeFi, Ethereum, eth, ethusdt
Read the article at NewsBTC

In This News

Coins

$ 64.23K

+2.24%

$ 1.78K

+1.82%

$ 0.99923

+0.02%

$ 1.78K

+1.90%

$ 64.24K

+2.29%

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

In This News

Coins

$ 64.23K

+2.24%

$ 1.78K

+1.82%

$ 0.99923

+0.02%

$ 1.78K

+1.90%

$ 64.24K

+2.29%

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

Read More

Ethereum Gas At 1 Gwei Gives Mainnet Users A Rare Cheap Window

Ethereum Gas At 1 Gwei Gives Mainnet Users A Rare Cheap Window

Ethereum mainnet is rarely described as cheap, but 1 gwei gas changes the tone. For u...
Ethereum Spot ETFs See $52.08M Net Outflow, Breaking Five-Day Inflow Streak

Ethereum Spot ETFs See $52.08M Net Outflow, Breaking Five-Day Inflow Streak

Ethereum spot ETFs recorded a net outflow of $52. 08 million, snapping a five-day str...