TrustedVolumes, a core liquidity provider for the 1inch Network, has been hit by a smart contract exploit that drained about $5.9 million in crypto assets. On-chain data and security firms PeckShield and SlowMist report that the attacker targeted the protocol’s Request for Quote contract late Wednesday.
🚨 We were recently exploited.
The addresses currently holding the stolen funds are:
[https://t.co/Uffg1StIhA](https://t.co/Uffg1StIhA) — approx. $3M
[https://t.co/gUCDHwOOTC](https://t.co/gUCDHwOOTC) — approx. $3M
[https://t.co/68Lu7Bq0MJ]— TrustedVolumes (@trustedvolumes) May 7, 2026
The attacker drained 1,291 ETH, 1.268 million USDC, and large amounts of WBTC and USDT. Security analysts traced the exploit to a signature validation flaw in the fillOrder function. This allowed the attacker to register a malicious contract as an authorized signer and forge orders from addresses that had given unlimited approvals.
RFQ contract flaw exposes signature logic gap
The exploit came from the contract’s signer verification process. Instead of verifying signatures against the order maker, the code checked the caller. By registering a malicious contract as an allowed signer, the attacker bypassed security and executed four forged orders.
The stolen assets are now consolidated in two main Ethereum wallets. Most of the funds have been swapped for over 2,500 ETH, valued at about $6 million. Blockchain forensic teams are tracking these wallets to block any attempts to move funds to mixers or exchanges.
TrustedVolumes offers bounty as DeFi security concerns grow
TrustedVolumes is seeking a resolution with the attacker and has opened a communication channel. The team is offering a bug bounty for the return of stolen funds. 1inch has clarified that their protocols, systems, infrastructure, and user funds were not affected by the exploit. The 1inch team is actively monitoring the situation and providing assistance to security teams.
The exploit has renewed debate over the risks of unlimited approvals in DeFi. While resolvers like TrustedVolumes boost 1inch’s efficiency, they can also create single points of failure if signature logic is flawed. The incident shows that even audited market makers are still exposed to advanced contract exploits.
April 2026 marked the worst month for crypto hacks since February 2025, with 25 separate exploits draining around $629 million, an average of one incident every 27 hours. Sweat Economy restored all user funds following a rapid exploit that saw an attacker drain approximately 13.71 billion $SWEAT tokens, valued at $3.5 million, from top-100 NEAR accounts in less than 30 seconds.
In response, the team paused the affected contract, worked with MEXC and Rhea Finance to contain the breach, and quickly patched the vulnerability. All impacted balances have been reimbursed, with no user losses reported.
Enjoyed this? Bookmark DeFi Planet, explore related topics, and follow us on Twitter, LinkedIn, Facebook, Instagram, Threads and CoinMarketCap Community for seamless access to high-quality industry insights.
Take control of your crypto portfolio with DEFI PLANET PRO, DeFi Planet’s suite of analytics tools.
