Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
TrustedVolumes, a key liquidity provider and resolver (market maker) for 1inch Fusion and other DeFi protocols, was exploited via a vulnerability in its custom RFQ swap proxy contract, resulting in approximately $6.7 million stolen. The project confirmed the incident on X, published the three Ethereum addresses holding the stolen funds (approx. $3M, $3M, and $700K), and stated openness to constructive communication for a bug bounty and mutually acceptable resolution. 1inch confirmed its protocol, infrastructure, and user funds are unaffected. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 6,700,000.
- chain
- ethereum
- protocol
- TrustedVolumes
- bug_class
- logic
- date_occurred
- 2026-05-07
- loss_usd
- $6,700,000
- source_id
- sm:trustedvolumes::2026-05-07