TrustedVolumes has confirmed it was hacked for roughly $6.7 million and says it is willing to negotiate a bounty and “mutually acceptable solution” with the attacker.
In a post on X, the 1inch‑linked liquidity provider said the stolen funds are currently parked across three addresses holding about $3 million, $3 million, and $700,000 in assets, respectively, and that it is “open to constructive communication” over a vulnerability bounty and potential return of funds. The disclosure follows earlier on‑chain alerts from security firms indicating that nearly $6 million had already been drained from the protocol’s Ethereum resolver contract.
According to blockchain security company Blockaid, cited in multiple incident reports, the attack targeted a custom request‑for‑quote (RFQ) swap proxy controlled by TrustedVolumes rather than a standard 1inch route. An analysis on crypto.news noted that approximately $5.87 million was pulled from TrustedVolumes’ resolver, including 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC, and that the exploiter address appears to be the same actor behind the March 2025 1inch Fusion v1 hack.
The latest exploit again hit infrastructure connected to 1inch without compromising end users directly, echoing last year’s Fusion incident in which an obsolete resolver contract was abused to drain funds from a third‑party market maker—TrustedVolumes—before the router was redeployed. In a statement summarized by PANews, 1inch stressed that its core aggregation contracts were not affected and that the vulnerability lay in TrustedVolumes’ custom RFQ proxy design.
TrustedVolumes’ public offer to engage with the attacker mirrors a now‑familiar pattern in DeFi, where teams try to convert live exploits into “white hat” events by dangling bug bounties and informal immunity. In several 2023–2025 cases, including the original 1inch Fusion hack, negotiations led to most funds being returned after the exploiter was identified or cornered, as detailed in a separate crypto.news report on that episode.
Whether the TrustedVolumes attacker accepts the invitation will be critical for users and counterparties. If talks succeed, much of the roughly $6.7 million could find its way back to the protocol, limiting contagion and helping restore some trust in 1inch‑adjacent liquidity routes. If they fail, the incident will reinforce a broader trend crypto.news has been tracking in other coverage and analysis: sophisticated actors increasingly target the custom proxies and privileged contracts that sit just behind familiar DeFi front ends, exploiting complexity that most retail traders never see.
