TrustedVolumes, a market maker resolving orders for 1inch Fusion, was drained across 85 transactions on May 7 after an attacker added themselves to the contract's signer allowlist — a function any wallet could call.
TrustedVolumes, a market-making firm that fills orders for the 1inch Fusion aggregator, lost $6.7 million across about 85 transactions on May 7 after an attacker exploited a public function in its smart contract that should never have been public. The function controlled the allowlist of authorised order signers, and it had no access control. Anyone could call it. The attacker called it, added their own address to the allowlist, and started signing outbound orders on the resolver's behalf until the wallet was drained.
The stolen funds break down as 1,291 WETH, 16.9 WBTC, 206,282 USDT, and 1.27 million USDC. Blockaid's monitoring system flagged the transactions in real time and notified TrustedVolumes and 1inch, but the contract exposed no pause function to the affected wallet and imposed no time delay on allowlist mutations, so an alert arriving in real time was still an alert arriving too late. The drain was complete before any operator could intervene. By the time the firm posted its acknowledgement, the funds were already moving through mixer routes that have been used across a series of recent exploits.
1inch itself was untouched. The aggregator's smart contracts, its main treasury, and its users' funds were not affected by the incident. TrustedVolumes is a resolver — one of several firms that compete to fill incoming swap quotes through Fusion, the Dutch-auction order-flow system 1inch introduced in 2022 — and its smart contract is its own infrastructure rather than 1inch's. The architectural separation is the reason the loss was contained to one operator rather than cascading across the aggregator. It is also a useful reminder that 1inch as a brand is a routing layer for liquidity, not a single custody surface.
The vulnerability is the kind that audits catch unless they don't. A function that mutates privileged state — in this case the list of addresses authorised to sign outbound orders — should be guarded by some combination of an ownership check, a role-based access control modifier, or a timelock. The function in question had none of the three. Publish the contract source, give a competent auditor a day with it, and this is the second thing they flag. Whether TrustedVolumes commissioned an audit at all has not been publicly disclosed; the firm operates with a small engineering team and a market-making book that runs deep into the eight figures, a combination that has historically produced this exact failure mode.
The attacker is the same operator behind the March 2025 1inch Fusion V1 hack, which drained roughly $5 million from market makers through a separate flaw. Halborn and Blockaid have both confirmed the wallet attribution. The 2025 incident ended with the attacker returning most of the funds in exchange for a white-hat bounty after on-chain negotiations between the hacker and the affected resolvers. TrustedVolumes has publicly invited the same negotiation this time, saying it is open to constructive communication regarding a bug bounty and a mutually acceptable resolution. Whether the same operator who knows this playbook will accept the same trade for a second time is the question on which the recovery depends.
The broader picture is that 2026 is going to be a worse year for DeFi exploit losses than the recent past suggested it would be. April produced roughly $635 million of stolen funds, with the Kelp DAO LayerZero bridge exploit at $292 million accounting for nearly half. May has opened with a string of smaller incidents — TrustedVolumes at $6.7 million, Transit Finance at $1.88 million, Aurellion at roughly $455,000, BoostHook at $200,000 — that collectively crossed $9 million in a single week. The hack-tracker total for the year is now north of $1.1 billion across 77 incidents.
TRM Labs reported a fortnight ago that North Korea was responsible for 76 per cent of all 2026 hack value through just two attacks. The TrustedVolumes incident is not in that bucket — the attacker behaviour matches a profit-motivated operator who has now run the same negotiation play twice — but the broader composition of DeFi loss is shifting away from state-actor-grade attacks against major bridges and toward smaller, faster smash-and-grab raids against operator-deployed contracts.
The pattern that links most of these incidents is not novel cryptography or zero-day attacks on widely audited base layers. It is access-control failures in operator-deployed contracts that sit one layer above the audited DeFi primitives. The base protocols — Aave, Uniswap, 1inch's aggregator, Maker — have been hardened over multiple audit cycles and bug-bounty programmes that have produced something close to defensive parity with the attacker pool. The contracts that bridge those primitives to specific operators, market makers, vault managers, and trading firms have not. TrustedVolumes is one of those bridges. So was the Wasabi Protocol wallet that lost $4.55 million two weeks ago because one address held the admin role for the entire system.
The defensive lesson for DeFi protocols is the same one that has been written into every post-mortem for the past four years and is mostly being ignored: every privileged function needs a guard, every owner address needs a multisig, and every privileged configuration change needs at minimum a timelock long enough for monitoring tools to catch it before it takes effect. The one privileged call that must not wait on a timelock is the emergency pause, which has to be reachable by a hot operator key precisely so that an alert like Blockaid's can be acted on. TrustedVolumes had none of those in the function that mattered. The next protocol that loses seven figures this month will be missing the same things.
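What the missing guard and the fix look like side by side, as an added illustration for the two preceding points about unguarded privileged functions and the guard/multisig/timelock trio. This is example code written for this article, not TrustedVolumes' or 1inch's contract, whose sources the article does not reproduce. It assumes OpenZeppelin Contracts 5.x on the import path; the contract names, role names, order digest layout and the 24-hour delay are illustrative choices, not anything disclosed about the incident.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative example written for this article, not TrustedVolumes' code.
// Assumes OpenZeppelin Contracts 5.x (Pausable lives under utils/ in 5.x).
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";
import {TimelockController} from "@openzeppelin/contracts/governance/TimelockController.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

/// Shared order-execution logic: outbound transfers trust the signer allowlist.
/// The chain id, contract address and nonce are bound into the digest so a
/// signature cannot be replayed on another chain, another deployment or twice here.
abstract contract OrderExecutor {
    mapping(address => bool) public isSigner;
    mapping(bytes32 => bool) public executed;

    function executeOrder(address token, address to, uint256 amount, uint256 nonce, bytes calldata sig)
        public
        virtual
    {
        bytes32 digest = keccak256(abi.encode(block.chainid, address(this), token, to, amount, nonce));
        require(!executed[digest], "order already executed");
        require(isSigner[ECDSA.recover(digest, sig)], "unauthorised signer");
        executed[digest] = true;
        require(IERC20(token).transfer(to, amount), "transfer failed");
    }
}

/// The vulnerable shape the article describes: the allowlist mutator has no guard.
contract ResolverVulnerable is OrderExecutor {
    // BUG: no onlyOwner, no onlyRole, no timelock. Any wallet can call this,
    // add itself, and from then on every order it signs passes executeOrder.
    function addSigner(address signer) external {
        isSigner[signer] = true;
    }
}

/// The hardened shape: allowlist changes gated by a role held only by a timelock,
/// and a fast pause held by an operator key so monitoring alerts can be acted on.
contract ResolverHardened is OrderExecutor, AccessControl, Pausable {
    bytes32 public constant SIGNER_ADMIN_ROLE = keccak256("SIGNER_ADMIN_ROLE");
    bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");

    event SignerUpdated(address indexed signer, bool allowed);

    /// @param timelock the TimelockController that owns all configuration roles
    /// @param pauser a hot operator key that may only pause, never change config
    constructor(address timelock, address pauser) {
        _grantRole(DEFAULT_ADMIN_ROLE, timelock);
        _grantRole(SIGNER_ADMIN_ROLE, timelock);
        _grantRole(PAUSER_ROLE, pauser);
    }

    // Guarded: only the timelock can reach this, and the timelock only executes
    // what a proposer queued minDelay earlier, so every change is visible on-chain
    // before it lands and an emitted event gives monitoring something to key on.
    function setSigner(address signer, bool allowed) external onlyRole(SIGNER_ADMIN_ROLE) {
        isSigner[signer] = allowed;
        emit SignerUpdated(signer, allowed);
    }

    // Pause is deliberately NOT timelocked: it has to be usable within minutes.
    function pause() external onlyRole(PAUSER_ROLE) {
        _pause();
    }

    // Unpause goes back through the slow path so a stolen pauser key cannot flip it.
    function unpause() external onlyRole(DEFAULT_ADMIN_ROLE) {
        _unpause();
    }

    function executeOrder(address token, address to, uint256 amount, uint256 nonce, bytes calldata sig)
        public
        override
        whenNotPaused
    {
        super.executeOrder(token, to, amount, nonce, sig);
    }
}

/// Wiring the trio together: multisig proposes, anyone executes after the delay,
/// the timelock administers itself, and the resolver trusts only the timelock.
contract ResolverWiring {
    function deploy(address multisig, address pauser) external returns (ResolverHardened) {
        address[] memory proposers = new address[](1);
        proposers[0] = multisig;
        address[] memory executors = new address[](1);
        executors[0] = address(0); // open executor role: anyone may execute once the delay has elapsed
        // 24 hours is an illustrative delay; pick one your monitoring can act within.
        TimelockController timelock = new TimelockController(24 hours, proposers, executors, address(0));
        return new ResolverHardened(address(timelock), pauser);
    }
}
```

With this wiring an attacker who finds `setSigner` cannot call it at all, and an attacker who compromises one multisig key still cannot add a signer without the other signers and a public 24-hour queue entry that Blockaid-style monitoring would surface. The pause key is the only fast privilege, and it can only stop outbound orders, not redirect them.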
Negotiation with the attacker is now the recovery path, and TrustedVolumes has roughly the same leverage it had in 2025: very little, beyond the inconvenience to the hacker of laundering $6.7 million that several blockchain forensics firms are already tracing. The bounty in 2025 was reported in the high single-digit percentages of the stolen total. The same range is the realistic ceiling here. Whatever the resolver gets back will not change the lesson that the next firm operating a small contract with eight-figure balances needs to learn before the same attacker, or one of their imitators, finds the next unguarded function.