Back

TrustedVolumes Confirms $6.7 Million Crypto Attack and Opens Bug Bounty Talks

According to Blockaid, the exploit targeted a TrustedVolumes resolver on Ethereum, while TrustedVolumes says about $6.7 million was stolen and is spread across three addresses as it seeks bug bounty talks.

ETH
USDT
USDC

Fact Check
The claim is directly confirmed by Blockaid's own official X account (@blockaid_) in two posts published on 2026-05-07 (URLs: https://x.com/blockaid_/status/2052198320420819089 and https://x.com/blockaid_/status/2052195192305045571). Both posts precisely match every element of the claim: the victim (TrustedVolumes resolver, a 1inch market maker), the chain (Ethereum), the total loss (~$5.87M), and the specific assets drained (Wrapped Ether/WETH, Tether/USDT, Wrapped Bitcoin/WBTC, and USD Coin/USDC). The PANewsLab article independently corroborates the same details. No conflicting evidence was found. The only minor caveat is that the claim describes the event as 'active' at time of reporting, which is consistent with Blockaid's own language ('on-going exploit').
Summary

TrustedVolumes, a 1inch-linked market maker, resolver, and liquidity provider on Ethereum, said it suffered an attack resulting in about $6.7 million in stolen funds, while Blockaid earlier estimated the drain at about $5.87 million. Blockaid identified the affected contract as the TrustedVolumes resolver and said the stolen assets included 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC. TrustedVolumes said the funds are now spread across three blockchain addresses, with two holding about $3 million each and a third about $700,000. The team added on X that it is open to constructive discussions with the attacker on a bug bounty and acceptable resolution. Blockaid also linked the attacker to the same actor identified in the March 2025 1inch Fusion V1 exploit.

Terms & Concepts
  • Resolver: A specialized participant in decentralized trading that executes, fills, or settles user orders, often by sourcing liquidity and interacting with smart contracts.
  • Bug bounty: A reward offered to security researchers or attackers for reporting a vulnerability or returning exploited funds after a security incident.
  • Blockchain address: A public on-chain identifier used to send, receive, and track digital assets on a blockchain.