TrustedVolumes (1inch) Hack 2026 — $7M Exploit Analysis

A vulnerability in 1inch's TrustedVolumes resolver contract allowed privilege escalation, leading to a $6.7M drain.

Details

Full Description

In May 2026, a critical vulnerability was discovered in 1inch's TrustedVolumes resolver contract. The flaw allowed an attacker to escalate privileges within the resolver, enabling unauthorized token transfers and swaps. The exploit resulted in the loss of approximately $6.7 million in various ERC-20 tokens from affected user wallets and liquidity pools. 1inch promptly disabled the affected resolver and deployed an upgraded version.

Laundering Analysis

Stolen ERC-20 tokens were swapped for ETH via 1inch and Uniswap. The attacker then distributed ETH across multiple wallets and deposited portions into Tornado Cash mixer. Some funds were traced to centralized exchange deposit addresses, but no freeze actions have been publicly confirmed. 1inch is cooperating with law enforcement and chain analytics.

Sources

Related Hacks

Back to Browse