New DeFi hack on Ethereum: over 6.7 million drained from the market maker linked to 1inch

The DeFi sector is once again under pressure after a new hack that hit TrustedVolumes, a market maker and liquidity provider connected to the 1inch ecosystem.

The exploit, which occurred on the Ethereum network, has reportedly already caused losses of more than $6.7 million in stablecoins and wrapped assets.

TrustedVolumes hit by a complex exploit: what happened?

According to the first reconstructions shared by security firm Blockaid, the attack allegedly targeted the settlement contract used by the protocol.

The stolen funds reportedly include WETH, WBTC, USDT and USDC, transferred through a series of rapid operations and later consolidated into ETH.

On-chain investigators identified the wallet used in the main operation and monitored the subsequent movements of the funds.

Within a few hours, the hacker had allegedly converted most of the stolen assets into around 2,500 ETH via internal swaps and custom proxies, making immediate recovery of the sums more difficult.

TrustedVolumes has confirmed the attack and is reportedly considering introducing a bug bounty, that is, a reward for those who help identify the vulnerability or recover the funds.

However, the economic and reputational damage already appears significant. The exploited vulnerability is said to be linked to the RFQ system, i.e., the “request for quote” mechanism used to facilitate liquidity trades.

This is a very sensitive component in DeFi infrastructures, because it allows coordination of price quotes and orders between market makers and decentralized protocols.

According to several blockchain analysts, there are also operational similarities with the major attack that hit 1inch Fusion V1 in 2025, when hackers managed to steal around $5 million.

In this case, however, the technical flaw is said to be different: the Fusion V1 code was not compromised, but rather a specific part of the RFQ architecture internally developed by TrustedVolumes.

DeFi hacks are on the rise again in 2026

The hack against TrustedVolumes is unfortunately not an isolated incident. In the first days of May 2026, the crypto sector has already recorded several significant breaches, with a total of more than $8 million stolen from users and decentralized protocols.

This figure is particularly significant because it comes after an already very heavy April from this point of view for the DeFi ecosystem.

According to blockchain hack monitoring databases, the previous month reportedly saw hundreds of millions of dollars compromised through exploits, cross-chain vulnerabilities and protocol manipulations.

Among the most recent cases is that of Sharwa.Finance, hit on May 1 by a manipulation of price oracles that allowed attackers to steal funds by exploiting the internal logic of the protocol.

On the same day, Bisq was also compromised, one of the historic peer-to-peer platforms in the crypto world, through an exploit related to the Bisq V1 client.

The damage suffered by Bisq reportedly exceeded $850,000, but the project reacted quickly by announcing a reimbursement plan for affected users.

One of the main contributors stated that the goal is to ensure the fastest possible recovery, primarily in Bitcoin.

The attacks then continued in the following days. The SmartCredit protocol was reportedly hit by a flash-loan-based exploit, a technique that has now become classic in the DeFi landscape.

The attackers temporarily used large amounts of borrowed capital to manipulate the lending system and steal around $72,000.

A few hours later it was also the turn of Ekubo, a liquidity-focused protocol, which reportedly lost about $1.4 million in WBTC due to an issue in the router’s access controls.

According to on-chain reconstructions, the hacker carried out dozens of transactions in rapid succession to distribute the funds across connected DeFi platforms.

This sequence of attacks highlights an increasingly evident problem: security in decentralized finance continues to lag behind the growing complexity of protocols.

The more advanced and interconnected the systems become, the larger the potentially attackable surface area grows.

DeFi continues to grow, but trust remains fragile

In any case, despite the ongoing hacks, decentralized finance maintains high volumes and continues to attract capital.

And it is precisely this contradiction that makes the phenomenon particularly interesting: on the one hand, users are aware of the risks; on the other, the sector continues to expand.

Many DeFi protocols in fact offer yields, operational speed and financial instruments that traditional finance still struggles to replicate.

However, each new exploit brings a fundamental question back to the forefront. Namely, how sustainable is an ecosystem in which millions of dollars can be stolen in a few minutes through technical vulnerabilities?

In the case of TrustedVolumes, the fact that the attack involved a market maker connected to a very well-known infrastructure like 1inch further increases concerns.

Users tend to associate large-scale protocols with higher levels of security, but reality continues to show that no system is completely immune.

In this context, the role of hackers is also changing. DeFi exploits no longer seem to be improvised operations by individual actors, but truly highly specialized activities.

Attackers in fact use automated tools, advanced smart contract analysis and sophisticated cross-chain movements to maximize profits and complicate tracking.

At the same time, the blockchain security market is also growing. Companies like Blockaid and PeckShield are taking on an increasingly central role in real-time threat monitoring.

However, the impression is that the sector continues to move reactively, intervening mainly after attacks rather than preventing them completely.