TrustedVolumes, a liquidity provider and market maker for decentralized exchange aggregator 1inch, is suffering an ongoing attack that has drained around $5.87 million, blockchain security firm Blockaid reported.
In a Wednesday post on social media platform X, Blockaid flagged that the exploit was affecting TrustedVolumes' resolver contract on the Ethereum blockchain.
According to Blockaid, the $5.87 million in drained funds included 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC.
The security firm stated that the attacker was the same entity responsible for the March 2025 exploit of 1inch Fusion V1, which drained around $5 million. However, Blockaid noted that the ongoing attack involves a different vulnerability related to a TrustedVolumes-controlled custom RFQ (request for quote) swap proxy.
Attacks on DeFi participants have surged significantly since last month, marked by the $285 million social engineering attack on Drift and the $293 million exploit on Kelp DAO.
According to data from DefiLlama, a total of $635.2 million was stolen in hacks and exploits in April, which was the largest monthly sum since February 2025, when hackers stole nearly $1.5 billion from Bybit. The attack on TrustedVolumes marks the fifth major exploit since the beginning of May.
This is a developing story.