•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
The decentralized finance (DeFi) sector has suffered another multi-million-dollar breach. Alerts from blockchain security firms SlowMist and PeckShield say hackers drained approximately $5.9 million in Ethereum (ETH), Wrapped Bitcoin (WBTC), and stablecoins from the trading protocol Trusted Volumes.
According to the reports, the incident stemmed from a fundamental flaw in Trusted Volumes’ core signature validation logic. The flaw allowed an attacker to bypass authorization checks and forge trading orders, undermining the protocol’s ability to verify cryptographic signatures.
Trusted Volumes is built on a Request for Quote (RFQ) architecture, which functions more like decentralized over-the-counter (OTC) trading than automated market makers (AMMs) such as Uniswap. In an RFQ setup, a “taker” requests a price quote and a “maker” offers a firm price. Both sides cryptographically sign the order, and the smart contract settles the swap. Because users must grant the protocol broad approval to move their funds, accurate signature verification is critical to RFQ security.
In this case, PeckShield attributes the breach to a logical error in the protocol’s fillOrder function.
PeckShield reported that the total haul was approximately $5.9 million. SlowMist’s analysis of the stolen assets identified the following amounts:
Following the theft, the attacker began laundering the stolen funds. SlowMist’s findings indicate that on-chain activity shows the stolen stablecoins and Wrapped Bitcoin were routed through a decentralized exchange.
Premium gym chains are entering a “golden era” that is ending or already in decline, as rising operating costs collide with shifting consumer preferences toward more flexible, community-based ways to exercise. Long-term memberships are shrinking, margins are pressured by higher rents and facility expenses, and competition from smaller, more personalized…
