TrustedVolumes exploit don confirm: $6.7M RFQ swap thief, dem dey find talks

TrustedVolumes don confirm say di TrustedVolumes exploit involve one custom RFQ (request-for-quote) swap proxy wey dem dey control, and di loss total reach about $6.7M for Ethereum. Blockchain firm Blockaid don before trace almost $6M go TrustedVolumes’ Ethereum resolver contract, and incident reports link di exploiter to di same operator wey cause di March 2025 1inch Fusion v1 incident, even though di flaw dey for TrustedVolumes-controlled infrastructure. Technically, di TrustedVolumes exploit target di privileged RFQ proxy design. TrustedVolumes talk say 3 wallet addresses carry di stolen assets (about $3M, $3M, and $700K). Di firm say dem "open to constructive communication" and propose one bounty-style, mutually acceptable solution. Security lead Hakan Unal (Cyvers) yarn say di root cause na permissionless signer registration, broken replay protection, and one unvalidated transfer source field—this raise worry say dem fit drain again from approved accounts. 1inch deny say dem directly involve, say im core aggregation contracts and user funds get "no impact," but dem admit say dem dey use TrustedVolumes as one of many resolvers. Key flows wey dem cite include about 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC wey route from di Ethereum resolver. For traders, di main short-term worry na counterparty confidence around 1inch-adjacent liquidity and RFQ infrastructure. If TrustedVolumes exploit funds return, sentiment fit stabilize; if no, risk premiums fit rise for affected DeFi liquidity venues wey dey tied to resolver/RFQ flows.