TL;DR:
- The exploit affected the TrustedVolumes resolver contract on May 7, 2026, with a confirmed loss of $6.7 million.
- Drained assets include 1,291.16 WETH, 16.93 WBTC, as well as significant amounts of USDT and USDC.
- According to Blockaid reports, the attacker used a custom RFQ exchange proxy to execute the vulnerability on the Ethereum network.
Liquidity provider TrustedVolumes fell victim to an exploit resulting in the theft of $6.7 million in digital assets. The incident, which occurred on Thursday, May 7, and was detected by Blockaid, compromised funds deposited on the Ethereum network through the manipulation of protocol-specific smart contracts.
šØ We were recently exploited.
The addresses currently holding the stolen funds are:
[https://t.co/Uffg1StIhA](https://t.co/Uffg1StIhA) ā approx. $3M
[https://t.co/gUCDHwOOTC](https://t.co/gUCDHwOOTC) ā approx. $3M
[https://t.co/68Lu7Bq0MJ][https://t.co/68Lu7Bq0MJ] āā¦
— TrustedVolumes (@trustedvolumes) May 7, 2026
On-chain attack technical analysis
The exploit was located in the platform’s resolver contract, identified at address 0x9bA0…Ea31. Data revealed by Blockaid indicates that the main execution of the attack was carried out from wallet 0xC3EB…9100. Etherscan records show that the attacker initially extracted $5.87 million, a figure that TrustedVolumes later updated to $6.7 million following an internal damage audit.
The stolen assets were categorized as follows: 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC. According to security firm PeckShieldAlert, the hacker used a custom exchange proxy to convert the diverse tokens into 2,513 ETH. This consolidation maneuver suggests a strategy to facilitate the subsequent movement of funds through mixers or off-ramp services.
According to Blockaid’s analysis, the flaw lies in the company’s RFQ (request-for-quote) system. Designed to offer personalized quotes, it presented a weakness in its control logic that allowed for the unauthorized extraction of liquidity.
Security context and attacker background
Blockchain analysts point to a possible link between this event and the attack suffered by 1inch Fusion V1 in March 2025. At that time, the hacker obtained approximately $5 million. However, on this occasion, the exploited flaw is technically different from the past incident, as it focuses exclusively on TrustedVolumes’ RFQ architecture.
The beginning of the month for the decentralized finance (DeFi) market has been complex. During the first week of the month, monitoring tools recorded 5 major breaches accumulating losses exceeding $8 million. Victims include protocols such as Sharwa.Finance, which lost $32,850 due to oracle manipulation, and Bisq, which reported a $858,000 breach on May 1.
Added to these incidents are the flash loan attack on SmartCredit on May 4 for $72,000 and the vulnerability in Ekubo’s router module on May 5, which resulted in a $1.4 million loss. The flow of funds in the latter case was conducted through 85 fast transactions linked to platforms within the Velora ecosystem.
In an attempt to recover the assets, TrustedVolumes is currently evaluating the implementation of a bug bounty program.
