The post 1inch Liquidity Provider Trusted Volumes Exploited for $5.87 Million appeared first on Coinpedia Fintech News
Another major DeFi attack has shaken the crypto market. A liquidity provider tied to 1inch’s Trusted Volumes system has reportedly been exploited for nearly $5.87 million, with attackers draining millions in WETH, USDT, WBTC, and USDC.
More concerningly, blockchain security firms warn that the exploit may still be ongoing, meaning additional losses could still occur.
So, how did the exploit happen?
How the Trusted Volumes Exploit Happened
Security researchers at Blockaid revealed that attackers exploited a vulnerability in the Trusted Volumes resolver contract. This vulnerability allowed them to execute malicious orders directly from users’ wallets.
The attack worked by abusing a public function in the contract. Using this function, the attacker was able to add themselves as an “Allowed Order Signer.” Once they gained this permission, they could use old wallet approvals that users had previously granted to move funds.
— Blockaid (@blockaid_) May 7, 2026
Blockaid's exploit detection system has identified an on-going exploit on TrustedVolumes (1inch market maker / resolver, @trustedvolumes ).
Chain: Ethereum
Victim contract: TrustedVolumes resolver — 0x9bA0CF1588E1DFA905eC948F7FE5104dD40EDa31
Exploiter:…
What made the exploit especially dangerous is that users did not need to approve any new transaction for the attack to happen. Existing token approvals alone were enough for attackers to access and transfer assets.
The incident once again highlights one of DeFi’s biggest hidden risks: unlimited token approvals that stay active even after users stop using a protocol.
According to Blockaid, the attacker behind this exploit appears to be linked to the March 2025 1inch Fusion V1 attack.
Nearly $5.9 Million Drained
Further blockchain security firm PeckShield reported that the attacker has already extracted:
- 1,291.16 WETH
- 206,282 USDT
- 16.939 WBTC
- 1,268,771 USDC
The total stolen amount currently stands at approximately $5.87 million.
Researchers identified the affected resolver contract and vulnerable proxy linked to the March 2025 1inch Fusion V1 attack. Security experts also discovered strong similarities between the two incidents while tracing the exploiter wallet connected to the attack.
DeFi Hacks Continue to Rise in 2026
The TrustedVolumes exploit is now reportedly the fifth major DeFi exploit over the last one month alone, extending what is becoming an increasingly dangerous period for decentralized finance platforms.
The overall DeFi market has already witnessed several massive hacks in recent weeks, including:
- A reported $285 million exploit targeting Drift Protocol
- A separate $293 million attack involving Kelp DAO
According to data from DefiLlama , total crypto assets stolen in April 2026 surged to approximately $635.2 million, the highest level since the massive 2025 Bybit exploit where nearly $1.5 billion was drained.
