No Result
View All Result
Global Finances Daily
  • Alternative Investments
  • Crypto
  • Financial Markets
  • Investments
  • Lifestyle
  • Protection
  • Retirement
  • Savings
  • Work & Careers
No Result
View All Result
  • Alternative Investments
  • Crypto
  • Financial Markets
  • Investments
  • Lifestyle
  • Protection
  • Retirement
  • Savings
  • Work & Careers
  • Login
Global Finances Daily
No Result
View All Result
Home Crypto

TrustedVolumes attacker returns $2M, keeps another $2M as bounty

July 18, 2026
in Crypto
0
TrustedVolumes attacker returns $2M, keeps another $2M as bounty - 1



A TrustedVolumes attacker has returned 1,122 ETH worth about $2 million while keeping another $2 million as a self-declared bounty.

Summary

  • The TrustedVolumes attacker returned 1,122 ETH worth about $2 million.
  • The exploiter retained another $2 million as a self-declared bounty.
  • Blockaid traced the May attack to TrustedVolumes’ custom RFQ swap proxy.

According to Com Feed monitoring, the Ethereum transfer represents a partial recovery from the May exploit, which initially drained about $5.87 million from a contract controlled by the liquidity provider. The attacker has retained roughly the same dollar amount as the returned funds, labeling it a bounty.

⚠️ JUST IN: The TrustedVolumes exploiter has returned 1,122 ETH ($2M+

The original exploit resulted in more than $5.8M being stolen. The exploiter has now returned around $2M while retaining another $2M as a “bounty” pic.twitter.com/HJSdx4i4Or

— Com Feed (@thecomfeed) July 18, 2026

At the time of writing, TrustedVolumes had not formally confirmed that it had accepted the attacker’s bounty terms.

Partial repayment recovers only part of the stolen funds

TrustedVolumes disclosed in May that the total loss had reached roughly $6.7 million, exceeding the initial estimate reported by security researchers. The company said at that time the stolen assets were held across three addresses containing approximately $3 million, $3 million, and $700,000.

Seeking to recover the assets, TrustedVolumes offered to discuss a vulnerability bounty and what it called a mutually acceptable solution. The liquidity provider also invited the attacker to begin constructive communication, though its statement did not specify a proposed bounty rate.

Before the stolen tokens were consolidated, Blockaid identified 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1.27 million USDC among the drained assets. PeckShield later reported that the attacker exchanged the tokens and gathered the proceeds into about 2,513 ETH.

The returned 1,122 ETH was worth about $2 million at the time of writing, while Com Feed valued the attacker’s retained bounty at a similar amount. The combined dollar value is lower than the original loss because ETH has fallen since the May exploit, when the stolen assets were converted into the cryptocurrency.

Custom TrustedVolumes proxy caused the security breach

As previously reported by crypto.news, Blockaid traced the May 7 attack to a custom request-for-quote swap proxy operated by TrustedVolumes. According to the security firm, the attacker targeted the company’s Ethereum resolver setup rather than a regular 1inch swap route.

TrustedVolumes used the RFQ system to quote token prices and complete signed trades from its inventory. Verichains found that a public function lacked access controls, allowing the attacker to register an address as an approved order signer and create transactions that appeared valid to the proxy.

During the same transaction, the attacker directed the proxy to pull WETH, WBTC, USDT, and USDC from the TrustedVolumes inventory vault. Verichains also identified a mismatch between the address checked for authorization and the address supplying the tokens, while faulty replay protection failed to record orders correctly.

Although the affected market maker supplied liquidity through 1inch, the attack did not compromise 1inch’s core aggregation contracts or standard user routes, according to 1inch’s account of the incident. Blockaid linked the wallet to the March 2025 Fusion V1 exploit but reported that the May attack used a different flaw tied to TrustedVolumes’ custom proxy.



Editorial Team

Editorial Team

Related Posts

Cointelegraph
Crypto

DOJ Charges Crypto Investor in Alleged $20M Investment Fraud

July 18, 2026
XRP
Crypto

XRP Holds Near $1.06 While Multi-Token ETF Attention Moves Elsewhere

July 18, 2026
Cointelegraph
Crypto

MiCA Licensing Slows as ESMA Adds 14 New CASPs to Its Register

July 18, 2026
Malta regulator proposes new DAO category in DeFi rulebook - 1
Crypto

OKX Europe opens USDT escape route as MiCA restrictions tighten

July 18, 2026
Solana
Crypto

Solana Holds Support Even As Layer-1 Flows Turn Uneven

July 18, 2026
Cointelegraph
Crypto

Stablecoin growth will erode bank deposits, says ECB’s Cipollone

July 18, 2026
Load More
Next Post
7 Airports That Are So Beautiful, They're Destinations Themselves

7 Airports That Are So Beautiful, They're Destinations Themselves

Popular News

  • Earnings call: Comtech reports growth and refinancing plans in Q2

    Comtech reports growth and refinancing plans in Q2 By Investing.com

    0 shares
    Share 0 Tweet 0
  • Cynthia Lummis races to save the CLARITY Act before 2030

    0 shares
    Share 0 Tweet 0
  • How much does a comfortable retirement cost? New figures reveal what YOU need – and what you’d get

    0 shares
    Share 0 Tweet 0
  • Where to get high yield on stablecoins in 2025: Top 5 projects

    0 shares
    Share 0 Tweet 0
  • Fintex Capital expands debt origination team

    0 shares
    Share 0 Tweet 0

Latest News

Cointelegraph

DOJ Charges Crypto Investor in Alleged $20M Investment Fraud

July 18, 2026
0

Cointelegraph is committed to providing independent, high-quality journalism across the crypto, blockchain, AI, and fintech industries.All news, reviews, and analyses...

7 Airports That Are So Beautiful, They're Destinations Themselves

7 Airports That Are So Beautiful, They’re Destinations Themselves

July 18, 2026
0

A bamboo-inspired sky forest in northeast India, a giant lotus flower seemingly floating above Mumbai, a Cambodian canopy of towering...

TrustedVolumes attacker returns $2M, keeps another $2M as bounty - 1

TrustedVolumes attacker returns $2M, keeps another $2M as bounty

July 18, 2026
0

A TrustedVolumes attacker has returned 1,122 ETH worth about $2 million while keeping another $2 million as a self-declared bounty....

XRP

XRP Holds Near $1.06 While Multi-Token ETF Attention Moves Elsewhere

July 18, 2026
0

Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure XRP is holding near the $1.06 area,...

Global Finances Daily

Welcome to Global Finances Daily, your go-to source for all things finance. Our mission is to provide our readers with valuable information and insights to help them achieve their financial goals and secure their financial future.

Subscribe

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Use
  • Editorial Process

© 2025 All Rights Reserved - Global Finances Daily.

No Result
View All Result
  • Alternative Investments
  • Crypto
  • Financial Markets
  • Investments
  • Lifestyle
  • Protection
  • Retirement
  • Savings
  • Work & Careers

© 2025 All Rights Reserved - Global Finances Daily.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.