TrustedVolumes confirms $6.7 million exploit, seeks “constructive” talks with hackers
TrustedVolumes has confirmed it was hacked for an estimated $6.7 million and says it is willing to negotiate an “acceptable settlement” with the attacker for the proceeds.
Summary
- TrustedVolumes confirmed an estimated $6.7 million in exploits linked to a custom RFQ exchange proxy under its control, not standard 1inch aggregation routes.
- Blockaid and other security companies claim that approximately $5.87 million was extracted from TrustedVolumes’ Ethereum solver, and evidence links the exploit to the March 2025 Fusion v1 hack against the same market maker.
- The team is “open to constructive communication” with the attacker and hopes to turn the incident into a “white hat” cryptocurrency-style solution, echoing pre-1inch exploits‑ where most of the money was eventually recovered.
In a post written on X, the liquidity provider connected to 1inch said that the stolen funds are currently parked in three addresses that hold approximately $3 million, $3 million, and $700,000 of assets respectively, and that it is “open to constructive communication” over the benefit of vulnerability and the possible return of funds. This disclosure follows previous on-chain warnings from security firms indicating that approximately $6 million had been withdrawn from the Ethereum protocol’s settlement contract.
According to blockchain security firm Blockaid, cited in multiple incident reports, the attack targeted a custom request change (RFQ) proxy controlled by TrustedVolumes instead of the standard 1inch router. Crypto.news analysis noted that approximately 5.87 million dollars were withdrawn from the TrustedVolumes solution, including 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC, and that the exploit address appears to be the same as the 2021 inch character of 2025 March.
Recent exploits have also affected infrastructure connected to 1inch without directly endangering end users, such as last year’s Fusion incident where an expired contract was compromised to withdraw money from a third-party market maker—TrustedVolumes—before the router could be reused. In a statement summarized by PANews, 1inch emphasized that its core integration contracts were not affected and that the risk lies in the proxy design of TrustedVolumes’ custom RFQ.
TrustedVolumes’ public proposal to contact the attacker reflects a now-familiar pattern in DeFi, where teams try to turn live exploits into “white hat” events with dangling bugs and informal security. In several cases of 2023-2025, including the original 1inch Fusion hack, negotiations led to the return of large sums of money after the exploiter was identified or cornered, as explained in a separate crypto.news report on that episode.
Whether the TrustedVolumes attacker accepts the invitation will matter to users and partners. If negotiations are successful, about $6.7 million could find its way back into the deal, preventing contagion and helping restore confidence in the 1inch-closer liquidity lines. If they fail, the incident will reinforce a broader trend that crypto.news has been tracking in other coverage and analysis: high-level actors are increasingly directing custom proxies and privileged contracts that sit behind the front ends of DeFi, using complexities that most retail traders do not see.
