On May 6, 2026, the decentralized finance platform TrustedVolumes suffered a $6.7 million exploit. An attacker stole various digital assets, including wETH, USDT, wBTC, and USDC, by bypassing critical validation protocols. The stolen funds were quickly converted to ETH through ChangeNow, a common maneuver to prevent asset freezes.

TrustedVolumes acts as a key component in the DeFi ecosystem, serving as a resolver and market maker that facilitates trades for platforms like 1inch. The exploit specifically targeted vulnerabilities in TrustedVolumes' validation processes, allowing the unauthorized withdrawal of substantial cryptocurrency holdings. The precise method of bypassing these checks remains under investigation, but it allowed the perpetrator to execute transactions as if they were legitimate.

Following the theft, the attacker initiated a rapid conversion of the stolen wETH, USDT, wBTC, and USDC. These assets were funneled through the ChangeNow exchange, a service known for its quick swaps and minimal KYC requirements, which can complicate tracing efforts. The final conversion into Ethereum aims to obscure the funds' origin and make them harder for authorities or the platform to freeze or reclaim. Blockchain security firm Blockaid has identified this attack as linked to a prior $5 million exploit against 1inch in March 2025, suggesting a pattern of sophisticated attacks from the same entity.

Despite its reliance on TrustedVolumes for certain operations, 1inch quickly issued a statement clarifying that its core systems were not directly compromised in this latest incident. The company confirmed its use of TrustedVolumes as a resolver but emphasized that the exploit did not involve any of 1inch's proprietary smart contracts or user funds held directly on its platform. This distinction is crucial for user confidence in the larger DeFi space, where interconnected protocols often share vulnerabilities.

The March 2025 exploit, which Blockaid attributed to the same attacker, saw $5 million removed from 1inch's liquidity pools. Industry experts continue to monitor the movement of the $6.7 million in stolen ETH.