TrustedVolumes became the fifth major DeFi exploit in May as resolver contract risks drew fresh scrutiny.
Decentralized finance has once again been hit with news of a fresh security breach. Another exploit has struck infrastructure connected to decentralized exchange aggregator 1inch, adding to a growing list of attacks across the sector. Security researchers linked the latest incident to a threat actor involved in earlier DeFi exploits this year. Rising losses across May continue to pressure confidence in resolver contracts and custom permission systems.
Blockaid Flags Active TrustedVolumes Attack Linked to Prior 1inch Incident
Blockchain security firm Blockaid reported Wednesday that liquidity provider TrustedVolumes suffered an active exploit targeting its resolver contract on the Ethereum network. Attackers initially drained around $5.87 million in digital assets before losses later climbed closer to $6.7 million.
Blockaid’s exploit detection system has identified an on-going exploit on TrustedVolumes (1inch market maker / resolver, @trustedvolumes ).
Chain: EthereumVictim contract: TrustedVolumes resolver — 0x9bA0CF1588E1DFA905eC948F7FE5104dD40EDa31
Exploiter:…
— Blockaid (@blockaid_) May 7, 2026
Stolen funds included 1,291.16 wrapped ether, 206,282 tether, 16.939 wrapped bitcoin, and more than 1.26 million USDC. Blockaid said the exploit involved a vulnerability tied to a TrustedVolumes-controlled request-for-quote swap proxy.
Researchers also linked the attacker to the March 2025 exploit against 1inch Fusion V1. That earlier incident drained roughly $5 million from affected systems. Despite similarities between both attacks, Blockaid noted that the latest exploit used a separate vulnerability.
1inch Says User Funds Safe After TrustedVolumes Resolver Contract Breach
TrustedVolumes later confirmed the incident and said it may consider a bug bounty arrangement to resolve the situation. No further recovery details were immediately disclosed.
Meanwhile, 1inch stated that its infrastructure, user funds, and internal systems were not affected. According to the company, TrustedVolumes operates independently as a liquidity provider and works with multiple protocols across the industry.
DeFi Platforms Face Rising Pressure as Exploit Losses Cross $750M
Security incidents across decentralized finance have accelerated sharply in recent weeks. Data from DefiLlama showed that hackers stole roughly over $750 million through exploits and attacks during April. That marked the sector’s largest monthly loss since February 2025, when the Bybit hack resulted in nearly $1.5 billion in stolen assets.
TrustedVolumes now marks the fifth major exploit reported since the start of May. Earlier this week, Ekubo Protocol lost around $1.4 million in wrapped Bitcoin after attackers exploited an access-control vulnerability in the swap router contracts. Blockaid said the exploit targeted a vulnerable payment callback mechanism tied to Ekubo’s EVM extension contracts.
Growing attacks continue to draw attention to resolver contracts and custom approval systems. Fast trade execution often requires elevated permissions across liquidity infrastructure. Those permissions can create larger risks once vulnerabilities appear or attackers gain trusted access.
The post DeFi Exploit Wave Continues as 1inch Partner Suffers $5.87M Loss appeared first on Live Bitcoin News.