A sophisticated attacker has drained approximately $6 million from 1inch's TrustedVolumes liquidity provider, marking the second major exploit against the decentralized exchange protocol in recent months. According to security firm Blockaid, the same actor responsible for the March 2025 Fusion V1 breach—which resulted in roughly $5 million in losses—has now targeted this new vector. The recurring nature of these attacks suggests either a fundamental architectural vulnerability within 1inch's ecosystem or a well-resourced adversary methodically working through the protocol's surface area.

TrustedVolumes represents a critical component of 1inch's infrastructure, functioning as a liquidity aggregation layer that connects multiple DEX venues and market makers. By compromising this service, the attacker gained access to order flow and funds in transit across the network. The exploit mechanics likely involved either a smart contract vulnerability allowing unauthorized fund transfers, a private key compromise of critical infrastructure, or a sophisticated flash loan attack leveraging the protocol's composability. Each scenario carries different implications for user safety and the robustness of 1inch's technical architecture. The fact that this represents the second attack by the same entity within months raises questions about whether the team adequately addressed the root causes exposed in the initial March incident.

From a market perspective, these consecutive exploits damage confidence in 1inch's security posture at a time when competing aggregators like 0x and specialized liquidity protocols are strengthening their positions. The protocol's value proposition depends heavily on users trusting that their transactions route safely through its infrastructure. Each drain event creates reputational friction and incentivizes developers and traders to diversify their aggregation sources. However, 1inch has historically recovered from security incidents through rapid response and compensation mechanisms, maintaining substantial trading volume despite previous controversies.

The broader implications extend beyond 1inch itself. These attacks underscore the persistent challenge of securing complex, multi-contract systems where attackers can leverage interactions between multiple components to extract value. As DeFi continues to mature, the bar for infrastructure security keeps rising: a single recurring vulnerability can erode years of user trust. The incident should prompt rigorous audits across the entire 1inch codebase and a renewed focus on formal verification methods. It also suggests the industry may need even more sophisticated security frameworks to prevent such repeat attacks.