TrustedVolumes confirms $6.7 million exploit with stolen funds spread across three Ethereum wallets

Liquidity provider TrustedVolumes said it fell victim to an exploit that resulted in the theft of $6.7 million in digital assets. The incident occurred on Thursday, May 7, and was detected by Blockaid. Blockaid said the compromised funds were deposited on the Ethereum network through the manipulation of protocol-specific smart contracts.

On-chain attack technical analysis

Blockaid identified the exploit in TrustedVolumes’ resolver contract at address 0x9bA0…Ea31. The main execution of the attack was carried out from wallet 0xC3EB…9100, according to Blockaid data and Etherscan records.

Etherscan shows the attacker initially extracted $5.87 million, which TrustedVolumes later updated to $6.7 million following an internal damage audit.

The stolen assets were reported as:

• 1,291.16 WETH
• 206,282 USDT
• 16.939 WBTC
• 1,268,771 USDC

PeckShieldAlert reported that the hacker used a custom exchange proxy to convert the tokens into 2,513 ETH. Blockaid said this consolidation step appears intended to facilitate subsequent movement of funds through mixers or off-ramp services.

Vulnerability details

Blockaid’s analysis attributed the issue to TrustedVolumes’ RFQ (request-for-quote) system. The platform is designed to provide personalized quotes, but Blockaid said a weakness in its control logic enabled unauthorized extraction of liquidity.

Security context and related incidents

Blockchain analysts pointed to a possible link between this event and the attack suffered by 1inch Fusion V1 in March 2025, when the hacker obtained approximately $5 million. However, analysts said the exploited flaw in the TrustedVolumes case is technically different, focusing specifically on TrustedVolumes’ RFQ architecture.

Blockaid also placed the incident within a broader pattern of DeFi breaches early in the month. During the first week, monitoring tools recorded five major breaches with losses exceeding $8 million. Reported victims included:

• Sharwa.Finance, which lost $32,850 due to oracle manipulation
• Bisq, which reported an $858,000 breach on May 1
• SmartCredit, which suffered a flash loan attack on May 4 for $72,000
• Ekubo, which reported a vulnerability in its router module on May 5 resulting in a $1.4 million loss

For the Ekubo case, the flow of funds was conducted through 85 fast transactions linked to platforms within the Velora ecosystem.

Recovery efforts

TrustedVolumes said it is currently evaluating the implementation of a bug bounty program in an effort to recover the stolen assets.