TL;DR:
- The exploit affected the TrustedVolumes resolver contract on Might 7, 2026, with a confirmed lack of $6.7 million.
- Drained property embody 1,291.16 WETH, 16.93 WBTC, in addition to important quantities of USDT and USDC.
- In line with Blockaid experiences, the attacker used a customized RFQ trade proxy to execute the vulnerability on the Ethereum community.
Liquidity supplier TrustedVolumes fell sufferer to an exploit ensuing within the theft of $6.7 million in digital property. The incident, which occurred on Thursday, Might 7, and was detected by Blockaid, compromised funds deposited on the Ethereum community via the manipulation of protocol-specific good contracts.
🚨 We had been not too long ago exploited.
The addresses presently holding the stolen funds are:
[https://t.co/Uffg1StIhA](https://t.co/Uffg1StIhA) — approx. $3M
[https://t.co/gUCDHwOOTC](https://t.co/gUCDHwOOTC) — approx. $3M
[https://t.co/68Lu7Bq0MJ]— TrustedVolumes (@trustedvolumes) Might 7, 2026
On-chain assault technical evaluation
The exploit was situated within the platform’s resolver contract, recognized at deal with 0x9bA0…Ea31. Knowledge revealed by Blockaid signifies that the primary execution of the assault was carried out from pockets 0xC3EB…9100. Etherscan information present that the attacker initially extracted $5.87 million, a determine that TrustedVolumes later up to date to $6.7 million following an inside injury audit.
The stolen property had been categorized as follows: 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC. In line with safety agency PeckShieldAlert, the hacker used a customized trade proxy to transform the varied tokens into 2,513 ETH. This consolidation maneuver suggests a technique to facilitate the next motion of funds via mixers or off-ramp companies.
In line with Blockaid’s evaluation, the flaw lies within the firm’s RFQ (request-for-quote) system. Designed to supply customized quotes, it introduced a weak point in its management logic that allowed for the unauthorized extraction of liquidity.
Safety context and attacker background
Blockchain analysts level to a doable hyperlink between this occasion and the assault suffered by 1inch Fusion V1 in March 2025. At the moment, the hacker obtained roughly $5 million. Nonetheless, on this event, the exploited flaw is technically completely different from the previous incident, because it focuses completely on TrustedVolumes’ RFQ structure.
The start of the month for the decentralized finance (DeFi) market has been complicated. Through the first week of the month, monitoring instruments recorded 5 main breaches accumulating losses exceeding $8 million. Victims embody protocols resembling Sharwa.Finance, which misplaced $32,850 as a consequence of oracle manipulation, and Bisq, which reported a $858,000 breach on Might 1.
Added to those incidents are the flash mortgage assault on SmartCredit on Might 4 for $72,000 and the vulnerability in Ekubo’s router module on Might 5, which resulted in a $1.4 million loss. The move of funds within the latter case was performed via 85 quick transactions linked to platforms throughout the Velora ecosystem.
In an try to get well the property, TrustedVolumes is presently evaluating the implementation of a bug bounty program.
