TrustedVolumes exploit fuels fresh debate over safer DeFi lending
TrustedVolumes, a liquidity provider and market maker connected to 1inch, was hit by an ongoing exploit that drained about $5.87 million from its Ethereum resolver contract, according to blockchain security firm Blockaid.
- TrustedVolumes lost nearly $6 million after attackers targeted its custom RFQ swap proxy on Ethereum.
- Sergej Kunz said shared-pool lending exposes suppliers to risks from bad collateral listings and exits.
- Intent-based lending could replace shared pools with fixed-rate loans, matched terms, and atomic settlement safeguards.
The stolen assets included 1,291.16 WETH, 206,282 USDT, 16.939 WBTC, and 1,268,771 USDC. The attack affected a TrustedVolumes-controlled custom RFQ swap proxy, not a standard user swap route.
Blockaid linked the attacker to the March 2025 1inch Fusion V1 exploit, which drained about $5 million. However, the firm said the latest attack used a different vulnerability linked to the custom proxy setup.
The case has renewed attention on DeFi contract approvals, resolver systems, and third-party market-making infrastructure. These tools often need broad permissions to move funds quickly, which can create risk when attackers find a weak point.
Sergej Kunz criticizes shared-pool lending
Separately, 1inch co-founder Sergej Kunz criticized shared-pool lending systems after the Kelp DAO rsETH exploit affected liquidity on Aave. He said he was a WETH provider watching his position turn negative while withdrawals were blocked by 100% utilization.
Kunz wrote, “Every failure here is a feature of shared-pool variable-rate lending.” He argued that one weak collateral listing can affect an entire reserve, while fast exits can reward users who react before others.
His comments focused on lending market design rather than the TrustedVolumes RFQ exploit. Still, both cases have added pressure on DeFi teams to review contract risk, collateral rules, and user exposure.
Intent-based lending enters the debate
Kunz pointed to event-driven, intent-based lending as a possible alternative. Under that model, lenders and borrowers would sign matched terms covering collateral, loan-to-value ratio, rate, duration, and event triggers.
He said custody would remain with users until atomic settlement. Kunz added, “No shared pool. No slope2. No slow governance. No socialized loss. Each loan is a discrete contract.”
The TrustedVolumes exploit and the Kelp DAO lending stress are separate events. Still, both cases have pushed fresh debate over DeFi risk design, contract permissions, and whether shared liquidity systems need safer alternatives.
In a separate update, crypto.news reported that Wasabi Protocol lost more than $5 million across Ethereum, Base, Berachain, and Blast. Security firms said a compromised admin key allowed attackers to upgrade contracts and drain funds.
You May Also Like
XRP Whale Just Opened a $1.43 Million Long at $1.42. Something Big Coming?
S&P 500 Hits Fresh Record Highs as AI Momentum Drives Rally, Deutsche Bank Reports
