00:00
Money for You
Money for You
USD/RUB
EUR/RUB
Cryptocurrency

TrustedVolumes exploiter returns $2M, keeps equal share as bounty

The attacker behind the May exploit of TrustedVolumes has returned 1,122 ETH, worth approximately $2 million, while unilaterally retaining an identical amount as a self-declared bounty. This partial recovery follows a sophisticated breach that initially drained nearly $6 million from the liquidity provider’s custom swap proxy.

TrustedVolumes exploiter returns $2M, keeps equal share as bounty

The Ethereum transfer marks a significant, albeit incomplete, resolution to the security incident that first hit TrustedVolumes on May 7. While the company confirmed total losses reaching roughly $6.7 million, the current repayment covers only a portion of those assets. TrustedVolumes had previously signaled an openness to negotiating a bounty in exchange for the return of funds, though the firm has not yet formally accepted the attacker's conditions or the specific terms of this payout.

Security analysis from Blockaid and Verichains traced the vulnerability to a custom request-for-quote (RFQ) swap proxy used by the firm. The exploit bypassed standard security measures by targeting an improperly protected public function in the Ethereum resolver setup. This flaw allowed the attacker to masquerade as an approved order signer and drain assets including WETH, WBTC, and USDC directly from the inventory vault. Although the incident involved liquidity provided through 1inch, the aggregator’s core contracts remained secure, isolating the breach to TrustedVolumes’ specific infrastructure.

Share

Comments (0)

Leave a comment

No comments yet. Be the first!