TrustedVolumes loses $6.7 million from exploit, launches bounty talks


  • TrustedVolumes was exploited today, May 7, 2026, and lost approximately $6.7 million.
  • The attackers discovered a vulnerability in the agency contract and by exploiting the flaw, the attackers were able to drain funds.
  • The hack highlights the growing security threats across DeFi infrastructure.

Today, on May 7, 2026, alerts issued by blockchain security firm Blockaid indicated that TrustedVolumes, the main liquidity provider and market maker of the 1inch ecosystem, has been exploited on the Ethereum network. The attacker extracted approximately $6.7 million in assets (according to TrustedVolumes), including 1,291.16 WETH, 206,282 USDT, 16,939 WBTC, and 1,268,771 USDC, according to security firms Blockaid and Web3.

The incident is being investigated as a sophisticated smart contract exploit rather than a traditional phishing smart contract exploit or social engineering attack, underscoring persistent vulnerabilities in decentralized finance (DeFi) protocols.

What went wrong with the TrustedVolume exploit?

In the midst of all this chaos, A Custom RFQ (Request for Quotation) swap agent contract0xeeee….1756, controlled by TrustedVolumes. The attacker, operating from the address 0xc3eb….9100, first deployed a malicious contract called “registerAllowedOrderSigner(signer=0xc3eb…9100,allow=true)” in the settlement contract, effectively giving himself a license to execute trades.

Taking advantage of the TrustedVolumes Market Maker’s unlimited approval of the settlement contract, the attacker initiated multiple settlement transactions, using the 0x4112e1c2 parameter to withdraw large amounts of WETH, USDT, WBTC, and USDC units to the Market Maker. This allowed the attacker to drain the liquidity pool before returning the funds to the exploit address.

Security analyzes indicate that the vulnerability stems from inadequate access controls and a lack of stringent validation checks in the RFQ swap agent. The basic management functionality was left publicly available and had no restrictions. This allowed the attacker to bypass security checks and exploit the contract.

This mirrors previous incidents, such as the 1inch Fusion v1 exploit in March 2025, where similar oversights in older smart contracts allowed attackers to drain liquidity, although the current exploit targets different contract components. The attack refers to the risks of high-risk dedicated paths in DeFi systems that directly interact with large liquidity pools.

TrustedVolumes opens talks about a bug bounty after $6.7 million exploit

TrustedVolumes publicly acknowledged the recent exploit and confirmed via a post by X (formerly known as Twitter) that several wallet addresses are currently holding the stolen funds. In the post, the team also talks about the estimated loss of around $6.7 million across multiple Ethereum addresses.

TrustedVolumes said in its statement that the platform is open to discussing with the attacker a potential bug bounty agreement and arriving at a workable solution.

The protocol also shared direct contact details, including ProtonMail and Telegram, so anyone with useful information can reach out and potentially help recover the stolen assets. The incident once again highlights the growing security risks of DeFi protocols and liquidity providers.

Is this exploit similar to recent DeFi attacks?

TrustedVolumes exploits the stock’s similarities to several high-profile DeFi breaches in 2026, particularly those involving cross-chain protocols and restaking. Moreover, the Exploiting protocol drift On Solana, which resulted in a $285 million loss, social engineering was used to compromise multiple protocol management and persistent tokens, allowing pre-signed transactions to be executed.

In the same way, Exploit KelpDAOassociated with losses of approximately $292 million to $294 million, exploited vulnerabilities in the LayerZero-based rsETH bridge, where manipulated cross-chain messages resulted in the issuance of unsupported rsETH tokens.

These events collectively highlight a trend: Highly complex custom components in DeFi, such as request-for-quote agents, cross-chain bridges, and governance mechanisms, are prime targets for sophisticated actors. The TrustedVolumes exploit, like the Drift and KelpDAO cases, demonstrates how single points of failure in smart contracts or infrastructure can lead to cascading effects across the ecosystem.

Additionally, the Lazarus Group, a North Korea-linked hacking collective, has been linked to such large-scale DeFi thefts, leveraging its experience with cross-chain attacks and operational flaws.

The role of artificial intelligence in vulnerabilities: Lazarus theory

There is speculation about the possible existence of a Lazarus Group Taking advantage of artificial intelligence (Artificial Intelligence) to accelerate and automate vulnerability detection. AI tools can analyze massive amounts of on-chain data, identifying patterns of communication interactions, gas usage, and user behavior to identify vulnerabilities faster than traditional methods.

For example, machine learning models can simulate attack scenarios, optimizing for maximum return in minimal time, as demonstrated in cross-chain exploits targeting protocols such as KelpDAO.

Impact on DeFi and the broader ecosystem

The TrustedVolumes exploit adds to a wave of high-value DeFi hacks in 2026, contributing to over $13-15 billion in TVL (total value locked) flows across major protocols such as ghost And a complex. These incidents have eroded user confidence, with many platforms halting operations or implementing emergency pauses to mitigate further losses.

The frequent targeting of market makers and liquidity providers highlights systemic risks, as disruption in these roles can lead to broader liquidity crises and price volatility.

For protocols like KelpDAO and Drift, the impact includes not only direct financial losses, but also reputational damage and regulatory scrutiny. For example, the KelpDAO rsETH bridge exploit raised questions about the security of cross-chain infrastructure, leading to calls for improved audits and isolation of critical components.

Likewise, the Drift vulnerability emphasized the need for strong governance and multi-signature guarantees. The TrustedVolumes incident is a reminder that even well-audited projects with well-established security measures remain vulnerable to sophisticated attack vectors.

Recommendations for the DeFi community

To avoid such exploits in the future, DeFi protocols should adopt strict permission lists and consistent checks for all swaps and agent paths, treating analyst/operator flows as high-risk surfaces.

There must be continuous on-chain monitoring, emergency shutdown mechanisms, and regular audits are necessary to detect and respond to anomalies immediately.

Additionally, isolating custom components behind strong access controls can prevent unauthorized interactions, as demonstrated by the TrustedVolumes vulnerabilities.

As AI-driven attacks become more sophisticated, collaboration between security companies and AI developers is critical to developing proactive defenses. The DeFi ecosystem must prioritize transparency, flexibility, and quick response to maintain trust and ensure there is sustainable growth.

As the KelpDAO and Drift protocols come under increasing scrutiny, lessons learned from incidents like TrustedVolumes could shape a safer future for decentralized finance.

Read also: Bitcoin surges above $81K as altcoins hint at a comeback



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending now

Simon Jerovich has been confirmed as a Bitcoin 2026 speaker
Dragonfly’s Haseeb Qureshi warns that proxy payments aren’t ready for mass adoption
Up to $5,000 per person received after healthcare company settles data breach lawsuit affecting 904,672 patients
Katana price rises by 38% after the inclusion of Upbit and Bithumb