A major liquidity provider and market maker on Ethereum fell victim to an exploit that drained approximately $5.87 million in digital assets Wednesday. The attack targeted a custom resolver contract, repeating a security failure that previously impacted the 1inch Fusion V1 protocol in March 2025.
- Ethereum liquidity provider TrustedVolumes lost $5.87 million in an exploit targeting a custom resolver contract and swap proxy.
- Attackers exfiltrated 1,291.16 WETH and 1.2 million USDC, marking the second security failure involving this operator since March 2025.
- The 1inch network issued clarifications to prevent reputational spillover as the exploit exposed structural vulnerabilities in decentralized RFQ systems.
Exploit Mechanics and Asset Theft
Security detection firm Blockaid identified the attack on the victim contract located at address 0x9bA0CF1588E1DFA905eC948F7FE5104dD40EDa31. The attacker used a custom RFQ swap proxy at address 0xeEeEEe53033F7227d488ae83a27Bc9A9D5051756 to drain the funds.
The perpetrator extracted 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC. The system swapped the stolen assets into roughly 2,513 ETH before moving the funds through various bridging mechanisms. Security researchers confirmed that the same operator orchestrated both the March 2025 incident and the current theft.
Clarification of Platform Impact
The 1inch network issued an official statement to address widespread reports that incorrectly tied the exploit to its primary infrastructure. 1inch confirmed that neither the platform nor its core protocols suffered damage during the event. The aggregator emphasized that TrustedVolumes functioned as an independent liquidity provider used by multiple protocols across the digital asset industry.
Security teams continue to monitor the attacker’s addresses and on-chain movements as recovery options are explored.
Structural Risks in RFQ Systems
The incident highlighted ongoing vulnerabilities within Request for Quote (RFQ) systems and custom swap proxies. Aggregators use these components to optimize routing for large trades. While TrustedVolumes functioned independently, its role as a widely used resolver created a reputational spillover for larger platforms.
The repeat targeting of the same operator suggested persistent probing of RFQ mechanisms throughout the ecosystem. Users who routed swaps through aggregators that relied on TrustedVolumes faced no direct loss, but the event underscored the importance of counterparty risk assessment even in decentralized transactions.
Chain Street’s Take
The $5.87 million drain matters less for the dollar figure and more for what it reveals about the tight interconnections within decentralized finance. TrustedVolumes operates outside the 1inch protocol, yet the immediate narrative spillover proves how fast headlines blur lines between independent infrastructure and the major aggregators that utilize it.
1inch earned credit for the fast, clear response that protected user confidence. The lesson here extends beyond one incident: RFQ resolvers and custom proxies remain attractive targets because they handle large volumes with elevated permissions. As long as these components sit outside the main protocol’s security perimeter, they create soft spots that sophisticated actors continue to probe.
For users, the takeaway remains practical. Professional traders check which resolvers and liquidity sources an aggregator actually uses during large swaps. In decentralized finance, independence functions as a feature until it becomes a vulnerability. The industry needs stronger standards regarding resolver security audits and permission scoping to reduce these recurring incidents. The fact that the same operator returned for round two suggests the cat-and-mouse game in protocol security remains far from over.





