• Trending
  • Comments
  • Latest
The Louvre needed police escorts to move crypto attendees: Decentralised money just decentralised the danger

The Louvre needed police escorts to move crypto attendees: Decentralised money just decentralised the danger

04/18/2026 - Updated on 05/25/2026
AI People joins Dubai’s innovation one — Declares war on the forgetting of humanity

AI People joins Dubai’s Innovation One program: Declares war on the forgetting of humanity

07/22/2025 - Updated on 07/23/2025
XRP community

Ripple CEO reassures community after SWIFT selects rival blockchain for pilot

02/10/2026
Polygon Discord Channel Hacked, Throws Crypto Community in Turmoil

Polygon Discord Channel Hacked, Throws Crypto Community in Turmoil

2
Bitcoin reclaims $107,000 as Iran-Israel ceasefire cools market tensions

Bitcoin reclaims $107,000 as Iran-Israel ceasefire cools market tensions

2

Hello world!

1
Crypto supply chain attack

Consensys says a North Korean operative accessed core MetaMask code for a month

07/18/2026
US Crypto Market Structure Bill Faces Fresh Delay

New Hampshire, Texas and Wyoming push crypto policy while Congress stalls on Clarity Act

07/18/2026
Trustedvolumes exploit

TrustedVolumes attacker returns $2 million in ETH, keeps $2 million as self-declared bounty

07/18/2026
  • Trending
  • Comments
  • Latest
The Louvre needed police escorts to move crypto attendees: Decentralised money just decentralised the danger

The Louvre needed police escorts to move crypto attendees: Decentralised money just decentralised the danger

04/18/2026 - Updated on 05/25/2026
AI People joins Dubai’s innovation one — Declares war on the forgetting of humanity

AI People joins Dubai’s Innovation One program: Declares war on the forgetting of humanity

07/22/2025 - Updated on 07/23/2025
XRP community

Ripple CEO reassures community after SWIFT selects rival blockchain for pilot

02/10/2026
Polygon Discord Channel Hacked, Throws Crypto Community in Turmoil

Polygon Discord Channel Hacked, Throws Crypto Community in Turmoil

2
Bitcoin reclaims $107,000 as Iran-Israel ceasefire cools market tensions

Bitcoin reclaims $107,000 as Iran-Israel ceasefire cools market tensions

2

Hello world!

1
Crypto supply chain attack

Consensys says a North Korean operative accessed core MetaMask code for a month

07/18/2026
US Crypto Market Structure Bill Faces Fresh Delay

New Hampshire, Texas and Wyoming push crypto policy while Congress stalls on Clarity Act

07/18/2026
Trustedvolumes exploit

TrustedVolumes attacker returns $2 million in ETH, keeps $2 million as self-declared bounty

07/18/2026
Saturday, July 18, 2026
  • Login
The Bit Gazette
  • Home
  • Crypto News
  • Expert Analysis
  • Finance
  • Tech
  • Sponsored
  • Press Release
  • Opinion
No Result
View All Result
The Bit Gazette
No Result
View All Result
Home Breaking News

TrustedVolumes attacker returns $2 million in ETH, keeps $2 million as self-declared bounty

The partial recovery offers hope for victims, but millions remain unrecovered as questions linger over whether TrustedVolumes will accept the attacker's proposed bounty.

by Elizabeth Omotoke
3 hours ago
in Breaking News
Reading Time: 5 mins read
0
Trustedvolumes exploit

Trustedvolumes exploit

Share on FacebookShare on Twitter

An attacker behind the May TrustedVolumes exploit has returned 1,122 ETH, worth about $2 million, while keeping another $2 million as a self-declared “vulnerability bounty.” The partial recovery follows a $6.7 million breach of the Ethereum liquidity provider, with millions in assets still unaccounted for.

Blockchain monitoring platform Com Feed tracked the Ethereum transfer, confirming that the returned funds represent only part of the assets stolen during the May cyberattack. At the time of publication, TrustedVolumes had not publicly stated whether it accepted the attacker’s self-proclaimed bounty arrangement.

The recovery comes months after the liquidity provider suffered a devastating breach that ultimately resulted in losses estimated at roughly $6.7 million.

TrustedVolumes exploit leads to partial asset recovery

The latest development follows months of negotiations after the TrustedVolumes exploit drained millions of dollars from the company’s Ethereum-based infrastructure.

Initially, blockchain security researchers estimated the loss at around $5.87 million. However, TrustedVolumes later revised the figure upward to approximately $6.7 million, revealing that the stolen assets had been distributed across three wallets holding roughly $3 million, another $3 million, and approximately $700,000.

In an effort to recover the funds, TrustedVolumes publicly invited the attacker to begin discussions over a possible white-hat settlement. The company said it was willing to negotiate a vulnerability bounty and work toward what it described as a “mutually acceptable solution,” although it did not specify the percentage or amount it was prepared to offer.

The attacker has now returned 1,122 ETH, worth around $2 million based on current market prices. However, another portion of the stolen cryptocurrency—also valued at roughly $2 million—has been retained by the exploiter, who considers it payment for exposing the vulnerability.

Because Ethereum’s price has declined since May, the recovered assets are worth considerably less than when the original tokens were converted into ETH, reducing the overall value recovered from the TrustedVolumes exploit.

Security researchers reveal how the attack happened

Blockchain security firms quickly investigated the breach after it occurred in early May.

According to blockchain security company Blockaid, the attack targeted TrustedVolumes‘ custom request-for-quote (RFQ) swap proxy rather than the standard swap infrastructure provided by 1inch. The vulnerability existed within TrustedVolumes’ own Ethereum resolver architecture, making the breach unrelated to 1inch’s core aggregation contracts.

“The attack targeted TrustedVolumes’ custom RFQ implementation, not 1inch’s protocol,” Blockaid concluded during its investigation.

Blockchain security firm Verichains later identified several critical flaws inside the custom proxy. Researchers discovered that a publicly accessible function lacked the necessary access controls, enabling the attacker to register an address as an authorized order signer.

Once that authorization was established, fraudulent transactions appeared legitimate to the proxy system.

Verichains also found an authorization mismatch between the address validated by the smart contract and the wallet actually supplying the assets. Additionally, replay protection mechanisms failed to properly record completed orders, allowing malicious transactions to proceed.

During the attack, the exploiter successfully transferred multiple assets—including Wrapped Ether (WETH), Wrapped Bitcoin (WBTC), USDT, and USDC—from TrustedVolumes’ inventory vault into attacker-controlled wallets.

Before consolidating the stolen funds, Blockaid tracked approximately 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1.27 million USDC among the compromised assets. PeckShield later reported that the attacker converted those holdings into roughly 2,513 ETH.

1inch infrastructure was not compromised

Although TrustedVolumes provided liquidity through 1inch, the TrustedVolumes exploit did not affect the decentralized exchange aggregator itself.

Following the incident, 1inch clarified that its core aggregation contracts and regular user swap routes remained secure throughout the attack.

Instead, investigators determined that the vulnerability existed solely within TrustedVolumes’ customized RFQ implementation, which handled price quotations and executed signed trades using the firm’s own liquidity inventory.

Blockaid also noted similarities between the wallet involved in this incident and one linked to the March 2025 Fusion V1 exploit. However, the company emphasized that the vulnerabilities exploited in the two attacks were different, indicating that the latest breach stemmed specifically from TrustedVolumes’ custom-built proxy.

“The exploit originated from TrustedVolumes’ own custom infrastructure rather than the underlying 1inch protocol,” security investigators explained.

Uncertainty remains over the attacker’s claimed bounty

The TrustedVolumes exploit now enters a new phase as observers wait to see whether the liquidity provider formally accepts the attacker’s proposal.

While partial recoveries following major DeFi exploits have become increasingly common, attackers often negotiate settlements in exchange for retaining a portion of the stolen funds as bug bounties. Such agreements remain controversial because they blur the distinction between ethical vulnerability disclosure and outright theft.

As of publication, TrustedVolumes has not confirmed whether discussions with the attacker are ongoing or whether it intends to recognize the retained funds as a legitimate reward.

The TrustedVolumes exploit also serves as another reminder that custom smart contract modifications frequently introduce security risks that established protocols have already addressed. Security experts continue to urge DeFi projects to conduct comprehensive smart contract audits, implement strict access controls, and thoroughly test authorization logic before deploying customized infrastructure handling millions of dollars in digital assets.

With only part of the stolen cryptocurrency returned and the remaining assets still under the attacker’s control, the TrustedVolumes exploit remains one of the year’s most closely watched DeFi security incidents. Whether the partial repayment ultimately leads to a negotiated settlement—or further legal and blockchain investigations—will likely shape how future exploit recoveries are handled across the decentralized finance ecosystem.

Tags: Blockchain Securitybug bountycrypto exploitCryptocurrencyCryptocurrency Newscybercrimedecentralized financedefidigital assetsethethereumsmart contract securityTrustedVolumesweb3white hat hacker
Share197Tweet123
Elizabeth Omotoke

Elizabeth Omotoke

  • Trending
  • Comments
  • Latest
The Louvre needed police escorts to move crypto attendees: Decentralised money just decentralised the danger

The Louvre needed police escorts to move crypto attendees: Decentralised money just decentralised the danger

04/18/2026 - Updated on 05/25/2026
AI People joins Dubai’s innovation one — Declares war on the forgetting of humanity

AI People joins Dubai’s Innovation One program: Declares war on the forgetting of humanity

07/22/2025 - Updated on 07/23/2025
XRP community

Ripple CEO reassures community after SWIFT selects rival blockchain for pilot

02/10/2026
Polygon Discord Channel Hacked, Throws Crypto Community in Turmoil

Polygon Discord Channel Hacked, Throws Crypto Community in Turmoil

2
Bitcoin reclaims $107,000 as Iran-Israel ceasefire cools market tensions

Bitcoin reclaims $107,000 as Iran-Israel ceasefire cools market tensions

2

Hello world!

1
Crypto supply chain attack

Consensys says a North Korean operative accessed core MetaMask code for a month

07/18/2026
US Crypto Market Structure Bill Faces Fresh Delay

New Hampshire, Texas and Wyoming push crypto policy while Congress stalls on Clarity Act

07/18/2026
Trustedvolumes exploit

TrustedVolumes attacker returns $2 million in ETH, keeps $2 million as self-declared bounty

07/18/2026
The Bit Gazette

Copyright © 2025 - The Bit Gazette.

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Home
  • Crypto News
  • Expert Analysis
  • Finance
  • Tech
  • Sponsored
  • Press Release
  • Opinion

Copyright © 2025 - The Bit Gazette.