Losses from the exploit are estimated at approximately $5.87 million. The attack targeted TrustedVolumes’ resolver contract on Ethereum.
1inch’s liquidity partner and market maker TrustedVolumes has suffered a major attack. According to the latest data, the attacker has withdrawn approximately $5.87M in crypto assets.
Hot topic: Bitcoin on May 7 — BTC Price Exceeds $82K for First Time Since February
Exploit Details
The attack affected TrustedVolumes’ resolver contract on Ethereum (ETH). According to Blockaid analysts, the hacker has already withdrawn:
- 1,291.16 WETH
- 206,282 USDT▼$0.9989
- 16,939 WBTC
- Nearly 1.27M USDC▲$0.9999
The total value of stolen assets is estimated at approximately $5.87M. At the time of publication, the incident was still developing. The editorial team continues to monitor updates.
Read more: What is DeFi 2.0? The Upgrade That Will Redefine Crypto Markets
Link to Previous Hack
According to Blockaid, the same operator who hacked 1inch Fusion V1 in March 2025, stealing about $5M, is behind this attack. However, this time they exploited a different vulnerability—in TrustedVolumes’ custom RFQ proxy server.
1inch’s Response
1inch stated that the incident did not affect their own systems, infrastructure, or user funds. The company emphasized that TrustedVolumes operates independently and provides liquidity to several protocols.
This marks the fifth major DeFi hack since the beginning of May. In April 2026, hackers stole a record $635M, the highest since February 2025. The most notable attacks include the Drift Protocol exploit at $285M and the Kelp DAO hack at $293M.
Learn more: What Is Crypto Cybersecurity? The Ultimate Guide to Protecting Digital Assets
