- TrustedVolumes loses nearly $6 million in an active exploit
- Attack targets a custom swap proxy tied to 1inch
- Same attacker allegedly linked to earlier 1inch Fusion exploit
- Highlights growing security risks across DeFi infrastructure
Another Major DeFi Security Breach
TrustedVolumes, a liquidity provider and market maker connected to 1inch, is currently facing an exploit that has drained roughly $5.87 million from its Ethereum-based resolver contract.
According to Blockaid, the attacker extracted multiple assets including wrapped ether, bitcoin, USDC, and USDT.
What Actually Failed
The exploit reportedly targeted a custom RFQ (request-for-quote) swap proxy managed by TrustedVolumes.
RFQ systems are commonly used in decentralized exchanges to improve pricing and reduce slippage by allowing professional market makers to quote trades directly. However, because these systems often involve custom smart contract logic, they can introduce additional attack surfaces if not thoroughly audited.
Connection to Earlier 1inch Attacks
Blockaid believes the same entity was responsible for the 2025 exploit against 1inch Fusion V1.
This suggests attackers may be repeatedly targeting infrastructure surrounding decentralized liquidity and routing systems rather than attacking major protocols directly.
DeFi Security Pressure Intensifies
The exploit adds to a wave of major attacks that have hit decentralized finance in recent months.
Cross-chain systems, liquidity routing infrastructure, and oracle integrations have become some of the industry’s weakest points. As more capital flows into DeFi, attackers are increasingly targeting backend infrastructure instead of simple wallet exploits.
The incident also reinforces a growing concern that DeFi’s complexity is becoming harder to secure as protocols integrate more custom tools and interconnected systems.
