TrustedVolumes, an Ethereum liquidity provider, lost $5.9 million to a hacker exploiting a vulnerability in its trading system. The stolen funds included various cryptocurrencies such as ETH, WBTC, USDT, and USDC.
Mentioned in this story
TrustedVolumes, a liquidity provider on the Ethereum blockchain, lost about $5.9 million in funds to a hacker on Thursday.
The attacker was able to exploit a vulnerability within the custom trading system used by the platform and managed to withdraw the funds, which included ETH, WBTC, as well as USDT and USDC stablecoins.
According to blockchain security firm Blockaid, which caught the exploit as it was happening, the stolen funds included 1,291 WETH, around 16.9 WBTC, roughly 206,000 USDT, and just under 1.27 million USDC.
The attack worked by abusing a design flaw in TrustedVolumes’ custom order-settlement system, known as a Request for Quote (RFQ) proxy.
GoPlus Security posted a breakdown showing that the attacker registered themselves as an authorized “order signer” using a function called “registerAllowedOrderSigner()” that was publicly accessible.
The function allows anyone to designate their own address as a valid signer for trades they controlled, and while normally that would be harmless enough, the settlement function had a separate problem: it checked authorization against one address while actually pulling funds from a different one.
As detailed in a technical report posted by security researcher Defi Nerd, the attacker used that gap to execute four drain transactions against the TrustedVolumes resolver contract, which had previously given the proxy permission to move its tokens.
According to them, each time, the proxy pulled assets from the resolver and sent only a single raw USDC unit back. Then the attacker converted the stolen WETH back into ETH and forwarded everything to their own wallet.
TrustedVolumes confirmed the exploit and publicly posted three wallet addresses holding the stolen funds, asking the hacker to get in touch about a “bug bounty and a mutually acceptable resolution.”
Because TrustedVolumes functions as a liquidity provider and market maker on 1inch, some early reports framed the incident as a 1inch exploit.
However, that is not accurate, and both 1inch and Blockaid put out statements clarifying that the protocol itself was not compromised and no user funds on 1inch were affected. TrustedVolumes operates independently across multiple platforms, not exclusively on 1inch.
The hacker drained approximately $5.9 million from TrustedVolumes.
The stolen funds included 1,291 WETH, around 16.9 WBTC, approximately 206,000 USDT, and just under 1.27 million USDC.
The attacker exploited a design flaw in TrustedVolumes’ custom order-settlement system, specifically the Request for Quote (RFQ) proxy.
American Bitcoin reported an $82 million loss in Q1 2026 despite mining a record 817 BTC. The company's total Bitcoin holdings increased to approximately 7,300 BTC after recent purchases.
XRP Analyst Raises Key Question About Demand in Global Settlement System
Revolut's app showed Bitcoin at just 2 cents due to a pricing glitch. Issue now resolved.
Trump Media's Q1 loss widens to $406 million, heavily impacted by crypto markdowns.
Australian police seize $4.2 million in Bitcoin during raids on darknet marketplace operators.
Bitcoin miners have withdrawn 3,400 BTC as prices rise; could this impact recovery?
See every story in Crypto — including breaking news and analysis.
The attack occurred during an especially difficult period for the DeFi ecosystem since it followed a catastrophic month of April, where more than $650 million worth of crypto was stolen from different projects.
KelpDAO and Drift Protocol were the most affected, having $292 million and $285.2 million taken away from them.
So at $5.9 million, this latest exploit is smaller in scale. But the technical sophistication of the approach, deploying a helper contract, abusing self-service signer registration, and exploiting a maker/funding-source mismatch in a single transaction, puts it in a different category from a simple bug or misconfiguration.