# TrustedVolumes, a liquidity provider used by multiple DeFi protocols, was hit by an exploit that has so far drained around $6.7 million in funds.

*web3 · news · 2026-05-07 · Decrypt*

## Key points

- TrustedVolumes lost $6.7 million due to flaws in its custom RFQ swap proxy contract.
- The attacker was identified as the same entity behind the March 2025 1inch Fusion V1 incident.
- Permissionless signer registration, broken replay protection, and unvalidated transfer source enabled the exploit.
- Funds were laundered through no-KYC exchange ChangeNow before being swapped to ETH.
- Experts warn the attack could have repeatedly drained more accounts if not detected.

**Companies:** 1inch, TrustedVolumes, Blockaid, Cyvers
**Countries:** North Korea

[Read the full story on Decrypt](https://decrypt.co/367070/defi-platform-trustedvolumes-hit-by-6-7m-exploit)

---

Canonical: https://newsio.io/n/f163f7b8-e8d9-4710-abb7-81cd44eec088/trustedvolumes-a-liquidity-provider-used-by-multiple-defi-protocols-was-hit-by-a
Summarized by Newsio from Decrypt. https://newsio.io/how-it-works