TrustedVolumes Attacker Returns 1,122 ETH, Retains Funds After Settlement
The party responsible for the TrustedVolumes exploit has returned 1,122 ETH, worth roughly $2 million at current prices. On-chain monitoring identified the transfer as a partial repayment lin
A
AnonymousCryptoCompass newsroom
July 18, 2026
3 min read
NEWS
Hero article visual / chart / editorial image
CryptoCompass editorial visual for defi coverage.
The party responsible for the TrustedVolumes exploit has returned 1,122 ETH, worth roughly $2 million at current prices. On-chain monitoring identified the transfer as a partial repayment linked to the May 7, 2026 incident. The repayment marks the latest development in the original TrustedVolumes exploit, in which the stolen assets were converted into approximately 2,513 ETH. TrustedVolumes reported a total loss of approximately $6.7 million. Initial security estimates valued the drain at about $5.87 million, comprising 1,291.16 WETH, 206,282 USDT, 16.939 WBTC and roughly 1.27 million USDC taken from the project’s inventory.
JUST IN: The TrustedVolumes exploiter has returned 1,122 ETH ($2M+
The original exploit resulted in more than $5.8M being stolen. The exploiter has now returned around $2M while retaining another $2M as a “bounty” pic.twitter.com/HJSdx4i4Or
The attacker retained funds of comparable value and described the remaining portion as a bounty. TrustedVolumes has not published the complete settlement terms or directly confirmed the final bounty amount. After the exploit, the project said it was open to constructive communication over a vulnerability bounty and a mutually acceptable resolution.
Bounty offers are also used in other crypto recovery efforts, including the BC.GAME hack, where the platform offered $500,000 for credible information identifying the attacker. Unlike recoveries where security researchers receive a formally approved reward, such as the $1.84 million Foom.cash rescue, the amount retained in this case has only been labelled a bounty by the attacker.
Custom RFQ Proxy Enabled the Exploit
Security researchers attributed the incident to TrustedVolumes’ custom request-for-quote swap proxy. Access-control and authorization weaknesses allowed the attacker to register an approved order signer and submit malicious orders against the project’s inventory.
The contract checked authorization using the order’s receiver field but transferred tokens from the inventory address. Researchers also identified ineffective replay protection. Together, the flaws enabled the attacker to drain multiple assets in a single transaction.
1inch Systems Were Not Affected
The vulnerable RFQ proxy and inventory contracts were controlled by TrustedVolumes. They were not part of 1inch’s core aggregation infrastructure. 1inch said its protocols, systems and user funds were unaffected. The incident targeted TrustedVolumes’ independent market-making setup rather than ordinary swaps made through 1inch. The 1,122 ETH transfer confirms a partial recovery from the May exploit. However, TrustedVolumes has not publicly disclosed how the retained amount was calculated or whether it considers the settlement complete.
ether.fi, the leading onchain neobank for digital asset management, has selected Nexus Mutual to provide crypto’s largest-ever ETH Slashing Cover. The cover protects ether.fi‘s validators aga
Numerai, the decentralized hedge fund powered by crowdsourced machine learning, today announced the completion of a third strategic purchase of Numeraire (NMR), acquiring an additional $1.2 m
The BitShine case just hit its conclusion, and it’s a heavy one. A Taiwan court handed the group’s ringleader a 22-year prison sentence. That kind of time doesn’t show up often in crypto frau