- TrustedVolumes was used today, May 7, 2026 and has lost about $6.7 million.
- The attackers found a flaw in the proxy contract and by using the flaw, the attackers were able to lose money.
- The breach highlights the rising security risk for all DeFi devices.
Today, on May 7, 2026, information from the blockchain security company Blockaid revealed that TrustedVolumes, a major funder and developer of the 1inch ecosystem, was used on the Ethereum network. The attacker extracted approximately $6.7 million in assets (according to TrustedVolumes), including 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC, according to blockaid and Web3 security companies.
The incident is being analyzed as a technical fraud rather than a clever use of fraudulent contracts or a social media attack, which shows the vulnerability of the financial system (DeFi).
What Went Wrong in the TrustedVolume Exploit?
At the center of all this confusion was a A custom RFQ (Request for Quote) exchange proxy agreement0xeeee….1756, controlled by TrustedVolumes. The attacker, using the address 0xc3eb….9100, used a malicious contract that previously called ‘registerAllowedOrderSigner(signer=0xc3eb…9100, allow=true)’ on the settlement agreement, giving himself permission to trade.
Using the TrustedVolumes Market Maker’s unlimited access to the settlement agreement, the attacker launched a series of events, using the option 0x4112e1c2 to withdraw many units of WETH, USDT, WBTC and USDC from the market maker. This allowed the attacker to spend the money before the money was returned to the receiving address.
A security assessment revealed that the vulnerability was caused by inadequate controls and a lack of authentication in the RFQ swap proxy. The main administrative function was left open to the public and did not have any restrictions. This allowed the attacker to bypass security authentication and use the contract.
This reflects previous developments, such as the use of the March 2025 1inch Fusion v1, where the parallel monitoring of smart contracts allowed the attackers to spend money, although the current trend is targeting different parts of the contract. The attack highlights the dangers of traditional, highly risky methods in DeFi systems that directly connect to large pools of liquidity.
TrustedVolumes Opens Bug Bounty Talks After $6.7 Million Exploit
TrustedVolumes publicly acknowledged the recent incident and confirmed via the X website (formerly known as Twitter) that several wallet addresses are holding the stolen funds. The group in the post also talks about an estimated loss of about $6.7 million across multiple Ethereum addresses.
In its statement, TrustedVolumes said that the platform is open to negotiations with the attacker about a possible generous agreement and a possible resolution.
ProtonMail also shared information, including ProtonMail and Telegram, so that anyone with useful information can reach out and help recover the stolen items. This incident also highlights the security risk of DeFi protocols and providers of funds.
Is This Action Similar to Recent DeFi Attacks?
The TrustedVolumes uses the same parameters as several of the top DeFi breaches in 2026, especially those involving blockchains and recycling protocols. Also, a Drift Protocol application on Solana, which resulted in $285 million in losses, they used human engineering to subvert the control of protocols and formal authorities, allowing the signing process to take place.
Likewise, KelpDAO uses itlinked to about $292-294 million in losses, it used attacks on its LayerZero-based rsETH bridge, where the exchange of messages caused rsETH tokens to be issued unsupported.
These events together show what is happening: customization, the most complex in DeFi, such as RFQ proxies, cross-bridges, and control mechanisms, are very important for high-level players. TrustedVolumes cases, such as the Drift and KelpDAO cases, show how a single failure in smart contracts or infrastructure can lead to the collapse of the entire ecosystem.
In addition, the Lazarus Group, a North Korean-linked group linked to hacking, has been linked to a major DeFi hack, citing their expertise in attacks and operational flaws.
The Role of AI in Practice: The Lazarus Doctrine
There are speculations going around that Lazarus’ group might be using artificial intelligence (AI) to speed up and improve data acquisition. AI tools can analyze supply chain data, identify communication channels, gas usage, and user behavior to identify vulnerabilities faster than traditional methods.
For example, machine learning can simulate attack scenarios, optimizing productivity in a short amount of time, as seen in the implementation of protocols like KelpDAO.
Impact on DeFi and the Broader Ecosystem
The TrustedVolumes exploit increases the value of DeFi hacks in 2026, contributing to more than $13-15 billion in TVL (Total Value Locked) coming out of major protocols like. Spirit and Compound. These incidents have undermined user confidence, with many platforms suspending operations or temporarily suspending operations to minimize further losses.
Repeated analysis of market makers and issuers shows the risk that a disruption in these positions can lead to economic downturns and price volatility.
For protocols like KelpDAO and Drift, the result is not only financial loss but also reputational damage and regulatory scrutiny. The use of the KelpDAO rsETH bridge, for example, raised questions about the security of the communication tools, which led to increased monitoring and isolation of important resources.
Similarly, the use of Drift emphasized the importance of strong control and high security. The TrustedVolumes incident serves as a reminder that even the most well-reviewed projects with built-in security are still vulnerable to change vectors.
DeFi Community Guidelines
To avoid this in the future, DeFi protocols must have valid permissions and default checks for all swaps and similar processes, which act as a high-risk environment.
There should be continuous monitoring of the supply chain, emergency response systems, and frequent monitoring is necessary to detect and respond to problems immediately.
In addition, isolation from the devices behind the hard drives can prevent unauthorized interactions, as demonstrated by the TrustedVolumes vulnerability.
As AI-driven attacks become more common, collaboration between security companies and AI developers is essential for sustainable security. The DeFi ecosystem must prioritize transparency, resilience, and responsiveness to maintain trust and ensure sustainable growth.
With KelpDAO and Drift Protocols under increased scrutiny, lessons from events like TrustedVolumes can create a secure financial future.
Also Read: Bitcoin Surpasses $81K While Altcoins Show Rebound
