{"id":90976,"date":"2026-05-09T18:03:10","date_gmt":"2026-05-09T18:03:10","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=90976"},"modified":"2026-05-09T18:03:10","modified_gmt":"2026-05-09T18:03:10","slug":"hacker-drains-5-9m-from-ethereum-liquidity-provider-trustedvolumes","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=90976","title":{"rendered":"Hacker Drains $5.9M From Ethereum Liquidity Provider TrustedVolumes"},"content":{"rendered":"
\n

TrustedVolumes, a liquidity provider on the Ethereum blockchain, lost about $5.9 million in funds to a hacker on Thursday.<\/p>\n

The attacker was able to exploit a vulnerability within the custom trading system used by the platform and managed to withdraw the funds, which included ETH, WBTC, as well as USDT and USDC stablecoins.<\/p>\n

What Happened<\/h2>\n

According to blockchain security firm Blockaid, which caught<\/a> the exploit as it was happening, the stolen funds included 1,291 WETH, around 16.9 WBTC, roughly 206,000 USDT, and just under 1.27 million USDC.<\/p>\n

The attack worked by abusing a design flaw in TrustedVolumes\u2019 custom order-settlement system, known as a Request for Quote (RFQ) proxy.<\/p>\n

GoPlus Security posted a breakdown showing<\/a> that the attacker registered themselves as an authorized \u201corder signer\u201d using a function called \u201cregisterAllowedOrderSigner()\u201d that was publicly accessible.<\/p>\n

The function allows anyone to designate their own address as a valid signer for trades they controlled, and while normally that would be harmless enough, the settlement function had a separate problem: it checked authorization against one address while actually pulling funds from a different one.<\/p>\n

As detailed in a technical report posted<\/a> by security researcher Defi Nerd, the attacker used that gap to execute four drain transactions against the TrustedVolumes resolver contract, which had previously given the proxy permission to move its tokens.<\/p>\n

According to them, each time, the proxy pulled assets from the resolver and sent only a single raw USDC unit back. Then the attacker converted the stolen WETH back into ETH and forwarded everything to their own wallet.<\/p>\n

TrustedVolumes confirmed the exploit and publicly posted three wallet addresses holding the stolen funds, asking the hacker to get in touch about a \u201cbug bounty and a mutually acceptable resolution.\u201d<\/p>\n

1inch Distances Itself as DeFi Hacks Continue<\/h2>\n

Because TrustedVolumes functions as a liquidity provider and market maker on 1inch, some early reports framed the incident as a 1inch exploit.<\/p>\n

However, that is not accurate, and both 1inch and Blockaid put out statements clarifying<\/a> that the protocol itself was not compromised and no user funds on 1inch were affected.\u00a0TrustedVolumes operates independently across multiple platforms, not exclusively on 1inch.<\/p>\n

The attack occurred during an especially difficult period for the DeFi ecosystem since it followed a catastrophic month of April, where more than $650 million worth of crypto was stolen<\/a> from different projects.<\/p>\n

KelpDAO and Drift Protocol were the most affected, having $292 million and $285.2 million taken away from them.<\/p>\n

So at $5.9 million, this latest exploit is smaller in scale. But the technical sophistication of the approach, deploying a helper contract, abusing self-service signer registration, and exploiting a maker\/funding-source mismatch in a single transaction, puts it in a different category from a simple bug or misconfiguration.<\/p>\n

The post Hacker Drains $5.9M From Ethereum Liquidity Provider TrustedVolumes<\/a> appeared first on CryptoPotato<\/a>.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

TrustedVolumes, a liquidity provider on the Ethereum blockchain, lost about $5.9 million in funds to a hacker on Thursday. The attacker was able to exploit a vulnerability within the custom trading system used by the platform and managed to withdraw the funds, which included ETH, WBTC, as well as USDT and USDC stablecoins. What Happened […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-90976","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/90976","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=90976"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/90976\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=90976"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=90976"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=90976"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}