An RFQ, or request-for-quote, swap proxy is a contract that handles price quotes and token swaps between a market maker and traders.
We were recently exploited.
The addresses currently holding the stolen funds are:
Hakan Unal, senior security operations lead at crypto security firm Cyvers, told Decrypt the root cause was a combination of “permissionless signer registration, broken replay protection, and an unvalidated transfer source field.”
The flaws let the attacker act as a trusted signer and drain victims without valid authorization, with funds routed through high-risk no-KYC exchange ChangeNow before being swapped to ETH, he added.
“The damage could have been far greater,” Unal said. “With replay protection nonfunctional, the attacker could have potentially drained additional approved accounts repeatedly.”
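The three flaws named above map onto three checks in a quote-settlement path. The following is an added example, not code from TrustedVolumes or from the article: a simplified off-chain model in which every name is hypothetical and an HMAC stands in for the on-chain signature check.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Quote:                      # hypothetical quote layout
    signer: str                   # id of the market-maker key that signed
    source: str                   # account the tokens are pulled from
    taker: str
    amount: int
    nonce: int

class RfqSettlement:
    """Toy model of the checks an RFQ swap proxy needs before moving funds."""
    def __init__(self, owner):
        self.owner = owner
        self.signers = {}         # signer id -> (key, account it may spend from)
        self.used = set()         # (signer, nonce) pairs already settled

    def register_signer(self, caller, signer, key, account):
        # Signer registration is permissioned: only the owner adds signers.
        if caller != self.owner:
            raise PermissionError("signer registration is owner-only")
        self.signers[signer] = (key, account)

    @staticmethod
    def sign(q, key):
        # HMAC is a stand-in (assumption) for the signature scheme; the
        # digest covers every field that influences the transfer.
        msg = repr((q.signer, q.source, q.taker, q.amount, q.nonce)).encode()
        return hmac.new(key, msg, hashlib.sha256).digest()

    def settle(self, q, sig):
        if q.signer not in self.signers:
            raise PermissionError("unknown signer")
        key, account = self.signers[q.signer]
        if not hmac.compare_digest(sig, self.sign(q, key)):
            raise ValueError("bad signature")
        # Transfer source is validated: it must be the signer's own account.
        if q.source != account:
            raise PermissionError("source not authorized for this signer")
        # Replay protection: mark the nonce used before any funds move.
        if (q.signer, q.nonce) in self.used:
            raise ValueError("quote already settled")
        self.used.add((q.signer, q.nonce))
        return ("transfer", q.source, q.taker, q.amount)
```
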
Decrypt has reached out to TrustedVolumes for comment.
1inch distances itself
We are aware of misleading reports relating to an exploit involving TrustedVolumes. We can confirm that neither 1inch nor any of the 1inch protocols are involved.
There is no impact on 1inch systems, infrastructure or user funds.
TrustedVolumes operate independently as a…
“From a vetting and monitoring perspective, we are working alongside our security partners to understand the specifics of how this exploit occurred, and we will be incorporating any relevant findings into our ongoing security and integration processes,” a 1inch spokesperson told Decrypt.
If a provider is “unavailable or compromised, others continue to serve users without disruption,” with this “built-in redundancy” a core design principle that “functioned exactly as intended in this case,” the spokesperson added.
Attacks on DeFi
“What’s striking about the TrustedVolumes incident is that the same attacker struck twice, months apart, against different contracts,” Nick Harris, founder and CEO of crypto asset recovery platform CryptoCare, told Decrypt, describing the perpetrator as a “patient, targeted operator” rather than an opportunistic hacker. He warned that surviving an exploit doesn’t necessarily close the risk but may instead “open a new one.”



















