Attackers drained nearly $6 million from Trusted Volumes, a market maker operating within the 1inch Fusion ecosystem, after exploiting weaknesses in resolver contract logic and signature validation systems used to settle decentralised trades.
Security researchers and blockchain analysts say the breach exposed vulnerabilities in resolver contracts and signature validation systems that underpin request-for-quote (RFQ) DeFi trading.
The attack, which was publicly disclosed on May 7, affected Trusted Volumes’ trading infrastructure and resulted in the loss of Ethereum, Wrapped Bitcoin, and stablecoins. Investigators from blockchain security firms are still tracing the stolen assets as concerns grow around outdated resolver implementations and legacy contract exposure in decentralized finance.
According to reports from blockchain security firms, the Trusted Volumes exploit targeted flaws in resolver contract logic and authorization verification systems used in RFQ-style settlements.
Trusted Volumes operates within a trading architecture associated with the 1inch Fusion ecosystem, where professional market makers respond to off-chain quote requests before trades are settled on-chain. Unlike automated market makers such as Uniswap, RFQ systems depend heavily on cryptographic signatures and trusted resolver infrastructure.
Security researchers said the attacker manipulated weaknesses in settlement validation logic to trigger unauthorized transfers.
“The root cause is that some bots only validated msg.sender and trusted the settlement contract too broadly,” — Chaofan Shou, blockchain security researcher.
Analysts believe the exploit allowed attackers to spoof legitimate settlement calls and trick resolver bots into releasing funds to malicious wallets.
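The validation gap described above can be shown in a simplified model. This is an added example, not code from Trusted Volumes, 1inch, or the researchers quoted. It assumes a settlement entry point that forwards caller-supplied order data to the resolver, and every name, address and key in it is hypothetical, with HMAC standing in for the on-chain signature check.

```python
import hashlib
import hmac

SETTLEMENT = "0xSettlement"          # hypothetical trusted settlement address
QUOTE_KEY = b"constructed-demo-key"  # constructed stand-in for the maker's signing key


def sign_quote(taker: str, token: str, amount: int, nonce: int) -> str:
    """Tag a quote the market maker actually issued (HMAC stands in for ECDSA)."""
    msg = f"{taker}|{token}|{amount}|{nonce}".encode()
    return hmac.new(QUOTE_KEY, msg, hashlib.sha256).hexdigest()


class Resolver:
    def __init__(self):
        self.used_nonces = set()

    def weak_callback(self, msg_sender, order):
        # Checks only who is calling, not what it is being asked to pay out.
        return msg_sender == SETTLEMENT

    def strict_callback(self, msg_sender, order):
        if msg_sender != SETTLEMENT:
            return False
        expected = sign_quote(order["taker"], order["token"],
                              order["amount"], order["nonce"])
        if not hmac.compare_digest(expected, order.get("sig", "")):
            return False                  # not a quote this maker issued
        if order["nonce"] in self.used_nonces:
            return False                  # replay of an already-filled quote
        self.used_nonces.add(order["nonce"])
        return True


def relay_through_settlement(callback, order):
    """Models a settlement entry point that forwards caller-supplied order data."""
    return callback(SETTLEMENT, order)


def demo():
    # Constructed sample orders: one the maker quoted, one it never signed.
    genuine = {"taker": "0xTaker", "token": "WETH", "amount": 5, "nonce": 1}
    genuine["sig"] = sign_quote("0xTaker", "WETH", 5, 1)
    forged = {"taker": "0xOther", "token": "WETH", "amount": 500, "nonce": 2, "sig": "00"}
    r = Resolver()
    return {
        "weak_forged": relay_through_settlement(r.weak_callback, forged),
        "strict_forged": relay_through_settlement(r.strict_callback, forged),
        "strict_genuine": relay_through_settlement(r.strict_callback, genuine),
        "strict_replay": relay_through_settlement(r.strict_callback, genuine),
    }
```

The caller check alone accepts any order that arrives via the settlement address; binding the payout to a quote the maker signed, plus a nonce check, is what rejects the unsigned and replayed orders.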
Blockchain monitoring firms reported that approximately:
were drained during the attack.
The stolen assets were later swapped and moved through decentralized exchanges and intermediary wallets in an attempt to obscure the transaction trail.
The latest Trusted Volumes exploit has also revived scrutiny around earlier vulnerabilities tied to outdated Fusion V1 resolver contracts within the 1inch ecosystem.
Back in March 2025, Trusted Volumes reportedly lost about $4.5 million in a separate exploit involving older resolver implementations. Several smaller market makers were also affected during that incident, bringing combined losses to more than $5 million.
Researchers say patched versions of the resolver contracts already existed at the time, but some market makers and integrations continued operating legacy infrastructure.
“Newer contracts had already been patched, but some resolvers were still running outdated implementations,” — blockchain investigators cited in post-incident analysis reports.
The recurring nature of the issue has intensified debate within DeFi circles over migration standards and the dangers posed by inactive or obsolete smart contracts that remain accessible on-chain.
The Trusted Volumes exploit is now being cited by analysts as a textbook example of “legacy contract risk” — a growing problem in decentralized finance where old systems remain operational long after newer security upgrades are released.
Beyond the immediate financial losses, the Trusted Volumes exploit has raised broader concerns about the architecture of RFQ-based decentralized trading systems.
Unlike traditional AMMs, RFQ infrastructure depends on:
That complexity creates multiple attack surfaces beyond the smart contracts themselves.
Industry observers say attackers are increasingly targeting automated trading infrastructure instead of directly attacking liquidity pools.
“This exploit demonstrates how off-chain assumptions can become systemic vulnerabilities in DeFi,” — analysts at SlowMist in their security commentary.
The incident also highlights how market maker bots can unintentionally become security liabilities when validation procedures are incomplete or overly permissive.
While reports indicate ordinary 1inch users were not directly affected by the breach, liquidity providers and market makers connected to Trusted Volumes suffered significant losses. Analysts warn that incidents like the Trusted Volumes exploit can still impact broader ecosystem confidence by reducing liquidity depth and increasing trading spreads.
As investigations continue, blockchain security firms including PeckShield and SlowMist are monitoring wallet activity connected to the attacker.
The Trusted Volumes exploit has become another major case study in the ongoing challenge of balancing efficiency and security in decentralized finance infrastructure. Analysts say the incident could push more DeFi protocols to accelerate migration away from legacy resolver systems and strengthen settlement verification procedures.
So far, there has been no public confirmation that the stolen assets have been recovered.
The incident also adds to a growing list of high-profile DeFi breaches involving:
For the DeFi industry, the Trusted Volumes exploit is more than a single protocol failure. It is a reminder that even advanced trading infrastructure remains vulnerable when legacy systems, automation, and trust assumptions intersect without sufficient safeguards.
Moses Edozie is a writer and storyteller with a deep interest in cryptocurrency, blockchain innovation, and Web3 culture. Passionate about DeFi, NFTs, and the societal impact of decentralized systems, he creates clear, engaging narratives that connect complex technologies to everyday life.