1inch liquidity provider TrustedVolumes hit with ongoing exploit, draining nearly $6 million: Blockaid

A liquidity provider on 1inch called TrustedVolumes suffered an ongoing exploit draining nearly $6 million, perpetrated by the same attacker who exploited 1inch Fusion V1 in March 2025 for approximately $5 million. The recurring attacks highlight persistent vulnerabilities in 1inch's infrastructure.

The TrustedVolumes exploit represents a critical failure in DeFi security, with attackers targeting 1inch's ecosystem twice within a short timeframe. The fact that the same entity executed both the March 2025 Fusion V1 breach and the current TrustedVolumes drain suggests sophisticated, coordinated attack strategies rather than isolated incidents. This pattern indicates the attacker possesses deep knowledge of 1inch's architecture, allowing them to identify and exploit similar vulnerabilities across different protocol components.

These incidents expose fundamental challenges in liquidity provider security on decentralized exchanges. 1inch has positioned itself as a key routing aggregator, but successive exploits undermine confidence in its safety mechanisms. The $6 million TrustedVolumes drain, combined with the prior $5 million loss, totals approximately $11 million in losses—a significant sum that signals systemic weaknesses rather than edge-case bugs. Liquidity providers have become increasingly attractive targets as they concentrate capital and manage complex smart contract interactions.

The repeated exploitation creates cascading effects throughout DeFi. Risk-averse liquidity providers may withdraw capital from 1inch pools, reducing liquidity depth and increasing slippage for traders. Institutional participants evaluating 1inch integration face renewed due diligence concerns. The market-wide implication extends beyond 1inch—it reinforces broader questions about DEX security practices and the adequacy of current audit standards.

Security patches and post-mortems will be critical. The protocol must identify why similar attack vectors persist and implement architectural changes rather than incremental fixes. Users should closely monitor 1inch's official response and consider their exposure until transparent remediation occurs.

• →The same attacker exploited 1inch twice in months, draining $11 million combined from Fusion V1 and TrustedVolumes
• →Recurring attacks on different protocol components suggest architectural vulnerabilities rather than isolated security oversights
• →Liquidity providers may withdraw from 1inch pools, reducing available liquidity and increasing trading slippage
• →The exploits raise systemic questions about DeFi security audit standards and smart contract validation practices
• →Market confidence in 1inch's safety mechanisms faces significant damage until comprehensive remediation is demonstrated