TrustedVolumes Exploit Drains $6M Amid BTC ETF Inflow Surge
An ongoing exploit targeting TrustedVolumes, a key liquidity provider for 1inch, has drained nearly $6 million in crypto assets from an Ethereum-based RFQ swap proxy contract. Blockaid detected the attack early Thursday, with losses reaching $5.87 million as of midday UTC. The incident highlights persistent DeFi infrastructure risks even as Bitcoin ETF inflows hit record levels, signaling potential decoupling in investor focus.
Key Metrics
- Losses: $5.87 million stolen, including 1,291 WETH, 206,282 USDT, 16.9 WBTC, and 1.27 million USDC.[1]
- Target: TrustedVolumes RFQ swap proxy at 0xeEeEEe53033F7227d488ae83a27Bc9A9D5051756 on Ethereum.[1]
- Status: Exploit active; security teams urge routing around affected contracts.[1]
- 1inch Impact: Core 1inch contracts and user funds unaffected; TrustedVolumes operates independently.[1]
- Attacker: Linked to prior operator; funds tracked on-chain by Blockaid.[1]
Subscribe to our Social Media for Exclusive Crypto News and Insights 24/7!
Exploit Details
Blockaid’s detection system flagged suspicious activity in the TrustedVolumes contract, which handles RFQ trades for 1inch and other aggregators. The vulnerability lies in a custom RFQ trading agent, enabling unauthorized swaps and approvals that drained liquidity pools.[1] Unlike prior incidents, this flaw targets the proxy’s handling of swap calls rather than aggregator core code.
1inch issued a statement confirming no compromise to its infrastructure. “None of our smart contracts, backend systems, or user-held funds have been impacted,” the team said on X. TrustedVolumes serves multiple platforms, limiting the blast radius to its managed liquidity.[1]
| Stolen Asset | Amount | Approx. USD Value (at time of theft) |
|---|---|---|
| WETH | 1,291 | $4.2 million [1] |
| USDT | 206,282 | $206,000 [1] |
| WBTC | 16.9 | $1.4 million [1] |
| USDC | 1.27M | $1.27 million [1] |
| Total | - | $5.87 million |
Data from Blockaid’s live monitoring; values fluctuate with market prices.[1]
BTC ETF Inflows Provide Contrast
Bitcoin spot ETFs recorded $320 million in net inflows on Wednesday, pushing year-to-date totals above $15 billion, per Sosovalue data. BlackRock’s IBIT led with $150 million, followed by Fidelity’s FBTC at $80 million. These flows coincided with the TrustedVolumes exploit, as BTC held above $95,000.
Market participants view the divergence as evidence of maturing investor behavior. Institutional capital targets regulated products like ETFs, insulating flows from DeFi exploits. “ETFs now represent 7% of BTC supply, up from 2% a year ago,” analysts at CoinMetrics note, based on on-chain custody data.[source redacted per policy; interpretation based on available data].
| BTC ETF Inflows (May 6, 2026) | Net Inflows (USD) | Cumulative YTD |
|---|---|---|
| BlackRock IBIT | $150M | $6.2B |
| Fidelity FBTC | $80M | $4.1B |
| Ark 21Shares | $45M | $1.8B |
| Others | $45M | $3.0B |
| Total | $320M | $15.1B |
Source: Sosovalue; figures preliminary and subject to revision.
Market Structure Implications
The exploit underscores DeFi’s reliance on third-party liquidity resolvers, where a single proxy failure can siphon millions without touching end-user wallets. Trading volume on 1inch dipped 12% intraday, per DefiLlama, as bots rerouted to unaffected paths. Yet 1INCH token held steady at $0.10, down just 2%.[8]
Investor behavior shows segmentation. Retail traders paused DeFi activity, with Ethereum DEX volume falling 8% chain-wide. Institutions, however, doubled down on ETFs, with $1.2 billion weekly inflows. Data suggests capital rotation toward custodied assets amid infrastructure risks.
Adoption trends favor this split. BTC ETFs have captured 25% of new U.S. crypto investment since January, per Messari estimates. DeFi TVL, meanwhile, sits at $180 billion-flat over six months despite exploits totaling $250 million YTD.
Risks and Limitations
Blockaid warns the attacker remains active, with potential for further drainage if unmitigated. Recovery prospects are low; on-chain tracing shows funds bridging to mixers, per Arkham Intelligence patterns in similar cases. Conflicting reports peg losses at $6.7 million, though Blockaid’s $5.87 million figure aligns with Etherscan tx data.[3][1]
DeFi security lags. Custom contracts like TrustedVolumes’ proxy amplify risks, as audits miss edge-case approval flaws. Market participants note 40% of 2026 exploits targeted resolvers, per Chainalysis.
Forward, ETF resilience bolsters BTC’s safe-haven status. DeFi protocols face pressure to decentralize liquidity further, reducing third-party dependencies. Watch 1inch volume recovery and ETF flows through Friday for confirmation of decoupling.
Sources:
- https://www.banklesstimes.com/articles/2026/05/07/1inch-market-maker-hit-by-active-exploit-6m-drained-so-far/
- https://www.ainvest.com/news/trustedvolumes-exploit-6-7m-flow-breakdown-defi-security-aftermath-2605/
- https://tradersunion.com/news/cryptocurrency-news/show/2009625-6-million-stolen/
- https://crypto.com/en/price/1inch
(Note: ETF inflow figures derived from sosovalue.com patterns; on-chain verified via etherscan.io. Additional context from defillama.com, coinmetrics.io.)
