Blockchain security company Blockaid disclosed on X at 5:00 a.m. Eastern Time on May 6 that decentralized exchange (DEX) aggregator 1inch’s liquidity provider and market maker TrustedVolumes is being subjected to ongoing attacks. As of the time of Blockaid’s statement, losses have reached approximately $5.87 million.
Attack technical details: RFQ swap router contract vulnerability
According to Blockaid’s statement, the vulnerability exploited in this attack exists in TrustedVolumes’ custom RFQ (Request for Quote) swap router contract that it controls itself, and it differs from the technical components involved in the 1inch Fusion V1 incident on March 1, 2025.
Blockaid disclosed the breakdown of stolen assets as follows as of the time the statement was issued:
WETH (Wrapped Ether): 1,291.16
USDT: 206,282
WBTC (Wrapped Bitcoin): 16.939
USDC: 1,268,771
Involved entities: 1inch, TrustedVolumes, and Blockaid
According to Blockaid’s statement, the 1inch Fusion V1 attack incident in March 2025 and this latest incident were carried out by the same attacker. The technical vulnerabilities exploited in the two attacks are different; Fusion V1 and the TrustedVolumes RFQ swap router contract affected in this case are separate components.
Key data: DeFi security incident background
According to statistics from on-chain data platform DefiLlama, hacking attacks and exploits in April 2026 resulted in $635.2 million in losses, the highest single-month loss record since February 2025 (Bybit suffered losses of nearly $1.5 billion).
According to The Block, the attack on TrustedVolumes is the fifth major exploit incident since early May 2026. Major events in the same period include: Drift suffering a $285 million social engineering attack, and Kelp DAO suffering a $293 million vulnerability attack.
FAQ
When did this attack occur? What was the loss situation?
According to a statement released by blockchain security company Blockaid on X on May 6, 2026 (Eastern Time), TrustedVolumes is undergoing sustained attacks. As of the time of the statement, losses have reached approximately $5.87 million. Stolen assets include WETH, USDT, WBTC, and USDC.
What technical vulnerability did the attacker exploit?
According to Blockaid’s statement, the attacker exploited a vulnerability in TrustedVolumes’ custom RFQ (Request for Quote) swap router contract that it controls itself. It was deployed on the Ethereum blockchain and involves a different technical component from the vulnerability involved in the March 2025 1inch Fusion V1 incident.
Is this attack related to the 1inch incident in March 2025?
According to Blockaid’s statement, the two attacks were carried out by the same entity. In March 2025, the same attacker launched an attack against the 1inch Fusion V1 contract, causing losses of approximately $5 million; this time, the same attacker carried out a second attack against different contract components.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
