The 1inch TrustedVolumes resolver contract was drained for $6.7M on Ethereum, marking the second major incident linked to the same attacker who exploited Fusion V1 in March. According to Blockaid's analysis, this incident involves a distinct vulnerability even though the same operator is behind both.

The TrustedVolumes resolver, part of 1inch's aggregation infrastructure, manages volume calculations and routing decisions across DEX sources. Early indicators suggest the exploit targeted the contract's trusted data validation mechanism, potentially through manipulated volume feeds or compromised oracle inputs. Unlike the March Fusion V1 incident (which involved limit order settlement logic), this attack appears to exploit the resolver's dependency on external volume data.

- **Direct loss**: $6.7M drained from TrustedVolumes contract

- **User exposure**: Limited to users with active resolver interactions

- **Protocol status**: 1inch core aggregation services appear unaffected

- **Recovery timeline**: Team investigating with no immediate ETA

This incident highlights infrastructure risks across DEX aggregators. While competitors like Paraswap and CowSwap use different resolver architectures, the attack pattern suggests sophisticated exploitation of aggregation-layer vulnerabilities. The repeat attacker angle raises questions about broader infrastructure monitoring across similar protocols.

For protocol developers, this reinforces the need for comprehensive DeFi protocol safety evaluation frameworks, especially around trusted data inputs and resolver contracts. The two-exploit pattern from one attacker suggests insufficient post-incident hardening.

Users should audit active approvals on 1inch contracts and consider temporary migration to alternative aggregators until resolution. The incident underscores why DeFi protocol safety evaluation should extend beyond core trading logic to include auxiliary infrastructure components.
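One way to carry out the approval audit suggested above, as an added example (not code from 1inch or Blockaid): it replays ERC-20 `Approval` logs in the `eth_getLogs` JSON shape and reports the allowances still open for one owner, flagging unlimited ones and those granted to a watchlisted spender. All addresses and log entries are constructed placeholders, and the `UNLIMITED` threshold is an assumption.

```python
# Added example: all addresses and logs below are constructed placeholders.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**255  # assumption: at or above this, treat the approval as unlimited

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner, watchlist=()):
    """Map (token, spender) -> details for the owner's non-zero ERC-20 approvals."""
    owner, watch = owner.lower(), {a.lower() for a in watchlist}
    latest = {}
    # Replay in chain order so the most recent approve(), including a revoke to 0, wins.
    for log in sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))):
        topics = log["topics"]
        # ERC-721 Approval shares this topic0 but indexes tokenId (4 topics): skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner:
            continue
        latest[(log["address"].lower(), topic_to_address(topics[2]))] = int(log["data"], 16)
    return {key: {"amount": amt, "unlimited": amt >= UNLIMITED, "watched": key[1] in watch}
            for key, amt in latest.items() if amt > 0}

def make_log(token, owner, spender, amount, block, index):
    """Build a constructed log entry in the eth_getLogs JSON shape."""
    pad = lambda addr: "0x" + "0" * 24 + addr[2:]
    return {"address": token, "blockNumber": hex(block), "logIndex": hex(index),
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

OWNER, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20
TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "b2" * 20
SPENDER_X, SPENDER_Y = "0x" + "51" * 20, "0x" + "52" * 20  # X: contract under review
SAMPLE_LOGS = [  # deliberately out of chain order
    make_log(TOKEN_A, OWNER, SPENDER_Y, 0, 105, 0),           # later revoke
    make_log(TOKEN_A, OWNER, SPENDER_X, 2**256 - 1, 100, 3),  # unlimited approval
    make_log(TOKEN_A, OWNER, SPENDER_Y, 500, 101, 1),
    make_log(TOKEN_B, OTHER, SPENDER_X, 10, 102, 0),          # someone else's approval
    make_log(TOKEN_B, OWNER, SPENDER_X, 1000, 103, 2),
]

if __name__ == "__main__":
    for (token, spender), info in outstanding_approvals(SAMPLE_LOGS, OWNER, [SPENDER_X]).items():
        print(token, spender, info)
```

Amounts rebuilt from events can overstate what is still spendable, because many tokens do not emit `Approval` when `transferFrom` consumes an allowance; confirm each flagged pair with the token's `allowance()` before revoking.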

#DeFiSecurity #1inch #DEXAggregators