You can also read this news on BH NEWS: Unexpected Developments in the Aftermath of a DeFi Breach: A Hacker Returns Millions In a surprising turn of events following a major decentralized fin
You can also read this news on BH NEWS: Unexpected Developments in the Aftermath of a DeFi Breach: A Hacker Returns Millions
In a surprising turn of events following a major decentralized finance (DeFi) security breach, a hacker responsible for the May attack on TrustedVolumes, a key player in the 1inch Fusion ecosystem, has returned 1,122.12 ETH, equivalent to nearly $2.07 million. This restitution, occurring over two months after the incident, highlights an emerging trend where DeFi platforms and hackers increasingly resort to direct negotiations to resolve such exploits.
Why Was Only Half of the Stolen ETH Returned?
The funds returned constitute roughly half of the stolen assets. In a move characterized as a negotiated bug bounty, the hacker allegedly retained a similar sum of ETH. This settlement occurred when Ether was valued at approximately $1,843, as confirmed by Defimon Alerts. TrustedVolumes and the hacker ratified this agreement through an on-chain message, signaling finality in their talks while inviting any other attackers involved to approach the firm for possible further negotiations.
More than two months after the $5.8 million exploit, one of the attackers returned 1,122 ETH, valued at $2 million. The parties confirmed that the funds were returned and the hacker accepted their bug bounty, with an open invitation for other participants in the incident to reach out.
Since the breach, TrustedVolumes expressed openness to constructive discussions on bug bounties, reminding potential attackers of this offer even in recent communications.
What Led to the TrustedVolumes Intrusion?
TrustedVolumes serves as a liquidity resolver within the 1inch Fusion Request-For-Quote marketplace, enabling efficient token swaps. The attack on May 7 led to the siphoning of assets worth around $5.87 million, with revised estimates later reaching $6.7 million. Cybersecurity experts at Blockaid uncovered that the breach involved several digital assets, including significant quantities of WETH, USDC, USDT, and WBTC.
Delving deeper, the compromise was linked to an access-control oversight rather than key theft or undisclosed system flaws. Analysis by Halborn revealed an exploitable public function allowing unauthorized users to register as order signers, thereby facilitating illegal fund transfers. Despite the exploit, Blockaid confirmed that the broader systems of 1inch and user funds remained untouched.
- An exploit allowed unauthorized access, leading to a substantial theft.
- 1,122.12 ETH was returned by the hacker following negotiations.
- Discussions with the hacker took over two months to conclude.
- TrustedVolumes offers bug bounties to engage constructively with hackers.
This settlement case underscores a shift in DeFi abuse handling strategies, with direct negotiations becoming more prevalent as projects aim for quicker resolutions than traditional legal routes offer. However, this swift settlement tactic has sparked concerns; some security experts argue it could motivate future breaches if hackers anticipate negotiations. With crypto scams accumulating $2.87 billion in losses in 2025, as reported by TRM Labs, advancements in digital forensics by companies like Blockaid, CertiK, and SlowMist are critical in tracking and negotiating recoveries. Despite this progress, many incidents remain unresolved, with only part of the stolen fortune reclaimed in this instance. Future recovery efforts will likely depend on continued dialogue or decisive action by remaining perpetrators.
Continue Reading:
Unexpected Developments in the Aftermath of a DeFi Breach: A Hacker Returns Millions