TrustedVolumes Hack

TOTAL LOST $6.7M
Medium Other

Summarize with AI

Affected Chain 2026 Incident surface
Recovered - No recovery reported
All-Time Rank #377 By amount stolen
Protocol Type Exploit/Other Target category

Incident Overview

On May 7, 2026, TrustedVolumes, a liquidity provider and resolver for 1inch Fusion, was exploited for approximately $6.7M due to a vulnerability in its custom RFQ swap proxy contract. The attacker drained assets including WETH, USDT, and WBTC from the resolver’s contract on Ethereum.

The exploit targeted a vulnerability within the custom RFQ (Request for Quote) swap proxy contract managed by TrustedVolumes. The attacker identified a logic flaw in the resolver's private architecture that allowed for the unauthorized extraction of liquidity across several major assets. Because the resolver contract handles trade execution for automated orders, the vulnerability permitted the attacker to divert funds during the settlement process.

Security researchers identified that the operator behind the attack appears to be the same entity involved in the March 2025 1inch Fusion V1 incident, although the specific vulnerability used here was unique to the TrustedVolumes implementation. Following the drain, the project identified three primary attacker addresses holding the funds and has publicly requested communication to negotiate a bug bounty and the return of the stolen liquidity.

Victim Contract: 0x9bA0CF15…0EDa31

Attacker Wallets:

0x61e63016…cc2d1c

0xc3ebddea…389100

0xfA4F52DF…617e07

Incident Report

Protocol / Project TrustedVolumes
Date of Incident
Attack Technique Other
Classification Exchange (DEX)

Protocol Information

Protocol Type Exploit/Other
Official Website trustedvolumes.com/
Protocol Twitter/X @trustedvolumes
Team Anonymous
Source Code Unverified

What the Attacker Needed to Succeed

Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.

Technical Knowledge Deep understanding of other and Solidity and EVM internals
Capital Required Seed capital to cover gas and initial position setup
On-Chain Access Ability to interact with smart contracts and deploy a custom exploit contract
Protocol Analysis Identification of the exploitable vulnerability in TrustedVolumes's contract logic - root cause: exchange (dex)
Execution Speed Precise transaction ordering and timing to exploit the vulnerability within a single atomic block
Obfuscation Plan A strategy to launder and move stolen funds - typically through mixers, cross-chain bridges, or decentralized DEX swaps to resist tracing

What Auditors Should Check

Could this have been caught in audit? Likely — with a thorough Other audit checklist and test coverage

If you're auditing a protocol with similar architecture to TrustedVolumes, these are the critical security checks that could have prevented this incident (May 2026).

  • Verify all logic paths related to Other are guarded by proper access controls and input validation
  • Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs

Master these auditing techniques with hands-on labs and real exploit scenarios in the Smart Contract Hacking course.

Free Trial

Proof-of-Concept Exploits

1 PoC available
poc-exploits - trustedvolumes

Sources & References

Learn to Prevent the Next TrustedVolumes

The TrustedVolumes hack is one of many attacks that skilled auditors are trained to detect before deployment. Master real exploit patterns and defense techniques with hands-on Web3 security training.

Recreate exploit patterns safely Free Trial