- TrustedVolumes said three Ethereum addresses hold stolen funds worth about $6.7 million.
- Blockaid said the exploit affected a TrustedVolumes resolver on Ethereum and extracted about $5.87 million at detection time.
- 1inch said neither its protocol nor its infrastructure was involved or affected by the TrustedVolumes exploit.
TrustedVolumes, a liquidity provider used across DeFi markets, said it was recently exploited and identified three Ethereum addresses holding stolen funds. The company estimated the balances at about $3 million, $3 million, and $700,000, placing the total near $6.7 million.
The incident drew rapid clarification from 1inch after early reports linked the exploit to its ecosystem. However, 1inch said its protocols, systems, infrastructure, and user funds were not affected, while Blockaid described the case as a TrustedVolumes-controlled resolver exploit on Ethereum.
TrustedVolumes Lists Stolen Funds
TrustedVolumes confirmed the exploit in an X post and published three Ethereum addresses tied to the stolen funds. The company said two addresses held about $3 million each, while a third address held about $700,000.
According to Etherscan data provided, one listed address held 1,222.1188 ETH, valued at about $2.80 million at an ETH price of $2,294.63. The address had nine transactions, with the first and latest activity shown around 14 hours ago and 10 hours ago.
Etherscan also showed token approval activity involving WBTC, USDC, and USDT, alongside transfers and an executed transaction. The address was funded by a wallet labeled “TrustedVolumes Exploiter 1,” according to the page details.
TrustedVolumes said it remains open to “constructive communication regarding a bug bounty and a mutually acceptable resolution.” The firm also shared an email address and Telegram contact for direct communication with the party holding the funds.
Blockaid Details Ethereum Exploit
Blockaid said its exploit detection system identified an ongoing exploit on TrustedVolumes. The security firm described TrustedVolumes as a 1inch market maker or resolver, while naming Ethereum as the affected chain.
According to Blockaid, the victim contract was a TrustedVolumes resolver at 0x9bA0CF1588E1DFA905eC948F7FE5104dD40EDa31. It also identified the exploiter as 0xC3EBDdEa4f69df717a8f5c89e7cF20C1c0389100.
Blockaid said the exploit had extracted about $5.87 million at the time of its post. The assets listed included 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC.
Notably, Blockaid said the same operator was linked to the March 2025 1inch Fusion V1 incident. Nevertheless, it described this case as a different vulnerability in a TrustedVolumes-controlled custom RFQ swap proxy.
1inch Rejects Exploit Link
1inch said it was aware of misleading reports about the TrustedVolumes exploit. The protocol stated that neither 1inch nor any of its protocols were involved in the incident.
The team added that there was no impact on 1inch systems, infrastructure, or user funds. It said TrustedVolumes operates independently as a liquidity provider used by several protocols across the industry, not only by 1inch.
Meanwhile, Sergej Kunz also responded to the reports and said the framing was misleading. He said neither 1inch nor its protocols had been exploited, compromised, or affected in any way.
Kunz said TrustedVolumes provides liquidity services to 1inch and many others across the industry. He added that 1inch continues to monitor the situation with security partners and will correct statements it views as inaccurate.
Related: Marlon Ferro Sentenced to 78 Months in $250M Crypto Theft Network Case
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
