TrustedVolumes Hack
Incident Overview
On May 7, 2026, TrustedVolumes, a liquidity provider and resolver for 1inch Fusion, was exploited for approximately $6.7M due to a vulnerability in its custom RFQ swap proxy contract. The attacker drained assets including WETH, USDT, and WBTC from the resolver’s contract on Ethereum.
The exploit targeted a vulnerability within the custom RFQ (Request for Quote) swap proxy contract managed by TrustedVolumes. The attacker identified a logic flaw in the resolver's private architecture that allowed for the unauthorized extraction of liquidity across several major assets. Because the resolver contract handles trade execution for automated orders, the vulnerability permitted the attacker to divert funds during the settlement process.
Security researchers identified that the operator behind the attack appears to be the same entity involved in the March 2025 1inch Fusion V1 incident, although the specific vulnerability used here was unique to the TrustedVolumes implementation. Following the drain, the project identified three primary attacker addresses holding the funds and has publicly requested communication to negotiate a bug bounty and the return of the stolen liquidity.
Incident Report
Protocol Information
What the Attacker Needed to Succeed
Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.
What Auditors Should Check
If you're auditing a protocol with similar architecture to TrustedVolumes, these are the critical security checks that could have prevented this incident (May 2026).
- Verify all logic paths related to Other are guarded by proper access controls and input validation
- Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs
Master these auditing techniques with hands-on labs and real exploit scenarios in the Smart Contract Hacking course.
Free TrialProof-of-Concept Exploits
On-Chain Evidence & References
Sources & References
Learn to Prevent the Next TrustedVolumes
The TrustedVolumes hack is one of many attacks that skilled auditors are trained to detect before deployment. Master real exploit patterns and defense techniques with hands-on Web3 security training.