Blockaid Flags $5.87M TrustedVolumes Exploit on Ethereum
Blockaid says it detected a $5.87M TrustedVolumes exploit on Ethereum involving the TrustedVolumes resolver contract (the victim). The attacker drained assets including 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC.
Blockaid notes this is tied to a different vulnerability than a prior incident. In March 2025, the same operator exploited 1inch Fusion V1, costing about $5M. This time, Blockaid points to a custom RFQ (request for quote) proxy controlled by TrustedVolumes.
TrustedVolumes acknowledged the incident on X and shared wallet addresses holding the stolen funds. It reported three collection wallets received about $3.0M, $3.0M, and $0.7M respectively. TrustedVolumes also signaled openness to a bug bounty and a “mutually acceptable resolution.”
The report also frames 2026 as a high-risk period: DeFi losses to scams are already near $770M this year, with April alone seeing close to 30 incidents totaling over $600M. It adds that coordinated law-enforcement action (FBI, Dubai Police, and China’s Ministry of Public Security) helped disrupt at least nine crypto fraud scam centers and arrest 276 people.
Traders should watch for renewed risk-off sentiment around Ethereum DeFi, especially for RFQ/liquidity infrastructure, as more TrustedVolumes exploit headlines can amplify perceived smart-contract risk.
Bearish
This is fundamentally a DeFi security incident. A $5.87M TrustedVolumes exploit, even if not systemically large, reinforces counterparty/smart-contract risk—exactly the kind of catalyst that can trigger short-term risk-off positioning in Ethereum DeFi. The link to a custom RFQ proxy controlled by the protocol also highlights a specific attack surface that may prompt traders to reduce exposure to similar liquidity/quote mechanisms.
The market impact is amplified by context: the article ties the exploit to a broader surge in scams in 2026 and cites major multi-agency enforcement. When scam/loss frequency rises, traders often demand higher yield spreads and tighten risk controls, which can pressure DeFi tokens and DeFi-adjacent liquidity providers in the near term.
Longer term, disclosure plus wallet/bug-bounty discussions can help restore some confidence, but the presence of a repeat operator (previously exploiting 1inch Fusion V1) typically keeps sentiment cautious. Historically, headline-driven exploit cycles tend to: (1) cause immediate volatility and cautious flows, (2) trigger contract reviews/audits, and (3) only normalize after remediation, patched deployments, and verifiable bounty/resolution outcomes. That pattern points to a bearish near-term bias rather than a sustained bull signal.