Same attacker. Same victim. Same polite “let’s discuss a bug bounty” statement. Fourteen months. $6.7 million.
That is not a DeFi exploit cycle. That is a subscription plan.
A year ago, TrustedVolumes lost roughly $5 million, negotiated, let the attacker keep about $450,000, and the industry filed it under “white-hat resolution.” Apparently the market did learn something. The lesson was: this works.
Anyone who ever used 1inch Fusion and left an unlimited approval hanging should stop feeling clever and start checking approvals. The only reason your tokens are still there may be that the attacker has not got around to your wallet yet.
Who is TrustedVolumes, and what is a Resolver?
TrustedVolumes is not just “some DeFi app.” It is a market maker and Resolver in the 1inch Fusion ecosystem. In plain English: it takes the other side of user intent orders and earns spread from execution.
To become a Fusion Resolver, an entity needs 1INCH staking power, its own contracts, and fast settlement infrastructure. This is not supposed to be a garage operation. Which is why the branding lands with such perfect irony: TrustedVolumes, a name that basically gives itself a medal for being trusted. Its website sells “The Art of Market Making Mastery.” In April 2024, the company announced it was “extremely proud” to become a 1inch Fusion Resolver.
Keep the word “proud” nearby. It will age badly.
March 2025: the first hit, branded as “white hat”
The first incident came on March 5, 2025, at 18:00 UTC. A legacy 1inch Fusion V1 resolver contract had an integer underflow bug. The attacker used 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe00 (which reads as -512 when interpreted as a signed 256-bit integer) to turn the resolveOrders function, selector 0x1944799f, into a skeleton key.
Resolver balances were drained. TrustedVolumes was the main victim. Around $5 million vanished, including about 2.4 million USDC and 1,276 WETH.
Then DeFi did its favorite theater routine. 1inch redeployed contracts. Decurity published the post-mortem. TrustedVolumes negotiated. The attacker returned most of the money and kept about $450,000 as a “finder’s fee,” roughly 10%.
The press called it white-hat behavior. A win for DeFi self-governance. Progress in ethical hacking.
Translation: someone robbed a bank, got caught near the front door, offered to return 90% and keep 10% for the trouble, and the bank said, “Fair enough, see you next time.”
If you were the attacker, would you come back?
The answer arrived on May 7, 2026.
May 7, 2026: same operator, new hole
This time the bug was not in the 1inch protocol itself. It was in TrustedVolumes’ own custom RFQ swap proxy contract — exactly the line 1inch has been drawing as fast as possible. The affected contract was reported as 0x9bA0CF1588E1DFA905eC948F7FE5104dD40EDa31.
The mechanism was almost insulting. The contract exposed a public function that allowed an arbitrary address to register itself as an “Allowed Order Signer.” That permission is meant for internal market-maker infrastructure: multiple accounts, delegated signing, operational routing. Someone forgot the part where permissions require permission.
So the attacker called the function and made themselves authorized.
Then came the real damage. Any wallet that had previously approved TrustedVolumes-related contracts — especially with unlimited ERC-20 approval — could be drained within the approved allowance. No new signature. No phishing page. No “connect wallet” pop-up. No user mistake in real time.
Your old approval became the attack surface.
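To make the failure concrete, here is an added illustration (written for this piece, not TrustedVolumes' or 1inch's code) of the pattern the article describes: a signer registry with no access check sitting in front of settlement logic that spends users' standing ERC-20 approvals, next to a version with the checks a reviewer would expect. Contract and function names (OrderProxy, allowedSigners, settle) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example. Not the real TrustedVolumes RFQ proxy; names are invented.
// The shape of the bug is the one reported: a public signer registry with no
// access control, in front of transferFrom calls that consume old approvals.

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// VULNERABLE: anyone can promote themselves to an "allowed order signer".
contract VulnerableOrderProxy {
    mapping(address => bool) public allowedSigners;

    // No modifier, no owner check: this is the hole.
    function setAllowedOrderSigner(address signer, bool allowed) external {
        allowedSigners[signer] = allowed;
    }

    // Settlement path: moves tokens from a user who approved this proxy earlier.
    // Any msg.sender in allowedSigners can name any `from` and any `to`, so the
    // damage is bounded only by each user's outstanding allowance.
    function settle(IERC20 token, address from, address to, uint256 amount) external {
        require(allowedSigners[msg.sender], "not a signer");
        require(token.transferFrom(from, to, amount), "transfer failed");
    }
}

// HARDENED: registry changes are owner-only and emit events, settlement can be
// paused (the "kill switch" researchers asked for), and funds can only move into
// the proxy itself rather than to an arbitrary recipient.
contract HardenedOrderProxy {
    address public immutable owner;
    bool public paused;
    mapping(address => bool) public allowedSigners;

    event SignerUpdated(address indexed signer, bool allowed);
    event PauseSet(bool isPaused);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    function setAllowedOrderSigner(address signer, bool allowed) external onlyOwner {
        allowedSigners[signer] = allowed;
        emit SignerUpdated(signer, allowed); // monitoring hook: alert on every change
    }

    function setPaused(bool isPaused) external onlyOwner {
        paused = isPaused;
        emit PauseSet(isPaused);
    }

    // Still spends user approvals, but only while live, only for registered
    // signers, and only into this contract, never to a caller-chosen address.
    function settle(IERC20 token, address from, uint256 amount) external {
        require(!paused, "paused");
        require(allowedSigners[msg.sender], "not a signer");
        require(token.transferFrom(from, address(this), amount), "transfer failed");
    }
}
```

The owner-gated withdrawal path the hardened proxy would need to move settled funds onward is omitted here; the point of the example is that the registry and the settlement path are the two places a permission audit has to look. The SignerUpdated event is what an on-chain monitor should subscribe to: a signer being added from an unknown address is exactly the signal that was missing.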
The initial asset list was brutal: 1,291.16 WETH, 1,268,771 USDC, 206,282 USDT, and 16.939 WBTC. Early reports put the loss at about $5.87 million. Within hours, TrustedVolumes updated the number to about $6.7 million. The attacker swapped the assets into roughly 2,513 ETH and parked them across two wallets, around 1,291 ETH and 1,222 ETH.
One small detail makes the whole thing worse: Blockaid, CertiK, and SlowMist linked the attacker to the March 2025 1inch Fusion V1 exploit. Same operator. Same victim. New contract.
So after paying a $450,000 “lesson fee” in 2025, TrustedVolumes apparently did not perform — or did not properly act on — a full permission audit of its custom contract stack.
That is not bad luck. That is process failure with a token ticker.
Everyone’s statement contradicts someone else’s
TrustedVolumes said the loss was about $6.7 million, spread across three Ethereum addresses: about $3 million, $3 million, and $700,000. It offered “constructive communication” around a bug bounty and a mutually acceptable solution. In normal human language: please return the money, keep a cut, and do not make this worse.
Sergej Kunz, co-founder of 1inch, pushed back on linking the exploit to 1inch. His position was that TrustedVolumes is an independent operator, one Resolver among many, and not exclusive to 1inch.
Technically, that is true. Operationally, it is a convenient half-truth.
TrustedVolumes publicly celebrated becoming a 1inch Fusion Resolver in 2024. A Resolver is not a random vendor selling conference lanyards. It is a counterparty that the 1inch Fusion design relies on to execute user order flow. A retail user clicking Swap on the 1inch front end does not know which Resolver sits on the other side.
So yes, TrustedVolumes is independent when the money is gone. It was a proud ecosystem partner when the volume was useful.
Security firms were less theatrical. CertiK described the core failure: an attacker could register as an Allowed Order Signer and then use old approvals. PeckShield, Beosin, Blockaid, and others tracked the funds on-chain. Cointelegraph also quoted security researchers calling for more kill switches, monitoring, and circuit breakers.
A security person asking for circuit breakers after $6.7 million is already gone tells you exactly where DeFi infrastructure still is: fast enough to lose money, slow enough to explain it.
There is another useful memory here. In the March 2025 incident, 1inch’s early public messaging did not foreground TrustedVolumes’ roughly $5 million loss. Rekt later noted that SlowMist’s independent work surfaced the scale of the damage. That is the industry playbook: publish “issue fixed, users safe,” then let the independent investigators do the awkward part.
The incentive problem: bug bounty as a business model
Put the two incidents side by side.
First exploit: about $5 million stolen, attacker keeps about $450,000, and the story gets wrapped in white-hat language.
Second exploit: about $6.7 million stolen, negotiation opened again.
If the attacker keeps another 10%, that is roughly $670,000. Across two incidents, the attacker clears about $1.12 million. Remote work. No office. No KYC. Better margins than most DeFi protocols.
So why does this keep happening?
Because for a high-volume market maker, a negotiated exploit can be cheaper than rebuilding the machine. A $6.7 million loss, if 80–90% comes back, becomes an ugly line item. Rewriting, re-auditing, and redeploying every custom contract is slow, expensive, and may reduce trading throughput.
That is the ugly incentive. Security engineering is a cost center. A “bug bounty” after the fact is a discounted ransom with better branding.
The same goes for the platform layer. 1inch benefits from more Resolvers: deeper liquidity, better execution, cleaner UX, and a better story for the ecosystem. If every Resolver had to pass a Trail of Bits plus OpenZeppelin plus formal-verification gauntlet before touching user order flow, some would simply leave. Liquidity would thin. The product would feel worse.
So the arrangement becomes obvious: Resolvers provide depth; aggregators provide flow; when something breaks, everyone explains where the boundary line technically sits.
The only consistently rational actor here is the attacker. Reliable execution, repeat customer, performance-based compensation. DeFi accidentally invented the most stable freelance job in crypto.
Where your anger should go
A normal user’s first instinct is self-blame: “Why did I ever approve that contract?”
Stop there.
Unlimited approval became the default because the industry trained users to accept it. DEXs, aggregators, market makers, and wallet interfaces all pushed the same trade-off: approve max once, save gas later. Re-approving every swap is annoying and expensive, so the front-end default became convenience now, tail risk later.
That is not a user education problem. That is product design transferring risk to users.
So aim the anger properly.
First, at market makers and protocols that know unlimited approval is a loaded weapon and still treat it as normal UX.
Second, at Resolver onboarding that apparently does not force full custom-contract review after a major exploit.
Third, at the PR language that turns “attacker keeps 10%” into “DeFi governance worked.” That framing normalizes the deal. It also teaches attackers that the invoice will be paid.
Remember the contract: 0x9bA0...Da31.
Remember the pattern: old approvals, custom proxy, public signer registration.
And remember this: 1inch may be technically unaffected, but your wallet is not protected by press-release grammar.
The practical conclusion
“Professional market maker” is not a safety label. In DeFi, it may simply mean “high-value target.” Resolvers, market makers, and institutional-looking counterparties are worth an attacker’s time precisely because one compromised contract can pay for the year.
Do three things.
First, go to revoke.cash or your wallet’s approval manager and revoke any old approvals connected to 1inch, 1inch Fusion, and TrustedVolumes-related contracts. Even if you have not used them recently. Approvals do not expire out of politeness.
Second, when using aggregators, stop approving unlimited amounts by default. Approve the minimum needed for the trade. Paying a little more gas is cheaper than becoming someone’s next bounty negotiation.
Third, treat “audited,” “institutional partner,” and “Resolver” as marketing terms, not armor. TrustedVolumes was a 1inch Fusion Resolver. It has now been hit twice by the same operator.
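The first of those three steps is what approval managers do under the hood: read `allowance(owner, spender)` for every token and spender pair and flag the ones that are still live. As an added example (not revoke.cash's, 1inch's or TrustedVolumes' code), here is a read-only helper contract that does that batch check; the cutoff for "effectively unlimited" is an assumption, chosen because front ends do not all use type(uint256).max for a max approval.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example. A view-only helper that can be deployed, or run via eth_call
// on a fork, to list which spenders still hold approvals from a wallet.
// UNLIMITED_FLOOR is an assumed threshold: some front ends approve 2**256-1,
// others other very large constants, so anything at or above 2**128 is
// treated as unlimited for practical purposes.

interface IERC20View {
    function allowance(address owner, address spender) external view returns (uint256);
}

contract ApprovalAudit {
    uint256 public constant UNLIMITED_FLOOR = 2 ** 128;

    enum Status { None, Bounded, Unlimited }

    struct Finding {
        address token;
        address spender;
        uint256 allowance;
        Status status;
    }

    // Classify a single allowance value.
    function classify(uint256 allowance) public pure returns (Status) {
        if (allowance == 0) return Status.None;
        if (allowance >= UNLIMITED_FLOOR) return Status.Unlimited;
        return Status.Bounded;
    }

    // Check every token against every spender; results are row-major
    // (all spenders for tokens[0], then all spenders for tokens[1], ...).
    function audit(address owner, address[] calldata tokens, address[] calldata spenders)
        external
        view
        returns (Finding[] memory findings, uint256 unlimitedCount)
    {
        findings = new Finding[](tokens.length * spenders.length);
        uint256 k;
        for (uint256 i = 0; i < tokens.length; i++) {
            for (uint256 j = 0; j < spenders.length; j++) {
                uint256 a = IERC20View(tokens[i]).allowance(owner, spenders[j]);
                Status s = classify(a);
                findings[k++] = Finding(tokens[i], spenders[j], a, s);
                if (s == Status.Unlimited) unlimitedCount++;
            }
        }
    }
}
```

A contract can only report; revocation has to come from the wallet that granted the approval, as `approve(spender, 0)` on each flagged token. For the second step, the same call with the exact trade amount instead of a maximum is the whole fix, and after the trade a Bounded or None result from this audit is what you want to see.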
You are not betting on whether TrustedVolumes is safe. You are betting on whether this industry finds it cheaper to fix things than to negotiate after the fact.
So far, the spreadsheet says no.