Another multi-million-dollar attack has hit the DeFi space. This time, liquidity provider and market maker TrustedVolumes was exploited through a smart contract vulnerability on Thursday night.
Related Reading: Solana Eyes New Leg Up After Triangle Breakout – Is $96 The Next Stop?
TrustedVolumes Hit By $6.7M Hack
On Thursday, the DeFi platform TrustedVolumes—one of 1inch’s liquidity providers and market makers—was hit by a new exploit that drained millions of dollars in various assets from the project. According to blockchain security firms PeckShield and Blockaid, the attacker stole around $6 million in Wrapped Ethereum (WETH), Wrapped Bitcoin (WBTC), USDT, and USDC. They did this by exploiting a flaw in the protocol’s core signature validation logic, which let them bypass authorization checks and create fake trading orders.
Notably, the hacker quickly swapped all the stolen assets for 2,513 ETH on a decentralized exchange (DEX) and spread them across three different addresses. In a post on X, TrustedVolumes confirmed the incident, shared the addresses currently holding the stolen funds, and updated the estimated loss to roughly $6.7 million.
The vulnerability was in a custom RFQ (request for quote) swap proxy controlled by TrustedVolumes. Crypto researcher Humphrey explained that “the Custom RFQ Swap Proxy contract has a function meant to manage the ‘authorized order signer’ whitelist. These whitelist systems are common in DeFi—only addresses on the list can issue valid transaction instructions on behalf of the protocol.” However, he pointed out that “this registration function is public and has no permission restrictions.” As a result, the attacker used this public function to add themselves as an authorized order signer. “Since any external address can call this function, it’s like giving everyone the ability to copy the safe’s key,” the researcher added.
Same Hacker, Different Attack
Online reports revealed that the attacker was the same person behind the $5 million exploit of the 1inch Fusion V1 Settlement contract in March 2025, where TrustedVolumes was also the main victim. Humphrey noted that while the same individual carried out both attacks, they were very different on a technical level.
According to the post, the 2025 vulnerability involved low-level EVM memory manipulation in the 1inch Fusion V1 Settlement contract. At that time, the hacker “proactively started on-chain negotiations,” offering to return the stolen funds in exchange for a white hat bounty. The DeFi platform accepted the offer, and most of the money was safely returned. Now, TrustedVolumes has stated that it is “open to constructive communication about a bug bounty and a mutually acceptable solution.”
Decentralized exchange aggregator 1inch clarified that its systems, infrastructure, and user funds were not affected. It explained that “TrustedVolumes operates independently as a liquidity provider, used by many protocols across the industry, and is not exclusive to 1inch.”
DeFi Exploits See Historic Surge
This attack follows a wave of exploits that has shaken the DeFi sector over the past month. Last week, PeckShield reported that the crypto space saw 40 major hacks in April, draining about $647 million.
Related Reading: $150M Crypto Ponzi Crumbles: $41.5M Frozen In DSJ Exchange Collapse
This figure marks a 1,140% increase month-over-month from March’s $52.2 million. It also represents a 292% jump from the $165 million lost in the DeFi sector during the first quarter of 2026. Notably, the two biggest incidents of the month—Drift Protocol’s $285 million exploit and KelpDAO’s $290 million exploit—accounted for 91% of the funds lost in April. These two attacks are now among the Top 10 hacks since 2021.
Featured Image from Unsplash.com, Chart from TradingView.com
Frequently Asked Questions
Here is a list of FAQs about the TrustedVolumes hack written in a natural clear and concise tone
FAQs The TrustedVolumes 67 Million Hack
BeginnerLevel Questions
Q What happened to TrustedVolumes
A A DeFi platform called TrustedVolumes was hacked The attacker stole about 67 million worth of cryptocurrency from its smart contracts
Q Is my money on TrustedVolumes safe right now
A No The platform has been compromised If you had funds in the affected contracts they are likely lost You should immediately check official announcements from TrustedVolumes for updates on a recovery plan or freeze
Q What is a smart contract hack
A A smart contract is like a selfexecuting digital agreement on the blockchain A hack means the attacker found a flaw in that codelike a hidden back door or a logic errorand used it to drain the funds
Q Will I get my stolen money back
A It is very unlikely In most DeFi hacks stolen funds are quickly moved and laundered through mixers or other blockchains making recovery extremely difficult There is no guarantee
Q How did this happen in 2026 Arent DeFi platforms safer now
A Unfortunately no While security has improved hackers are also getting more sophisticated New complex protocols rushed code updates and oracle manipulation attacks remain common 2026 has seen a sharp rise in these exploits
AdvancedLevel Questions
Q What specific type of exploit was used on TrustedVolumes
A While the full audit is pending early reports suggest a flash loan attack combined with a price oracle manipulation The attacker borrowed a huge amount of crypto with no collateral artificially changed a token price on TrustedVolumes and then sold the borrowed assets at a profit before repaying the loan
Q Was this a bug in the code or was a private key stolen
A It appears to be a smart contract logic bug not a stolen admin key The attacker exploited a flaw in how the platform calculated collateral ratios during a specific trading function This means the code itself was the vulnerability not a compromised password