TrustedVolumes attacker returns 1,122 ETH, keeps $2M in bounty deal

Source Cryptopolitan

A negotiated settlement has once again outpaced a long asset recovery process as one of the attackers of TrustedVolumes, a liquidity resolver linked to 1inch Fusion, has returned 1,122.12 ETH in an Ethereum transfer, more than two months after the incident. The hacker has allegedly retained a similar amount as part of a negotiated bug bounty agreement, as reported by Defimon Alerts.

When the deal was made, Ether’s price was roughly estimated at $1,843, thus making the total value of the recovery approximately $2.07 million and clarifying why this event is usually called the “$2 million recovery.”

The importance of the deal is not defined by how large it is, but by the fact that it reflects the increasing tendency in decentralized finance. Increasingly, organizations are turning to negotiating with their attackers as opposed to relying only on law enforcement or lengthy court cases. While this approach may provide quicker results, it raises the fear that extortionists will begin to view bug bounty negotiations as a way to avoid being caught rather than as an exception.

Both parties posted a message on-chain confirming the settlement.

“We have finalized the negotiations with the original exploiter,” the message said

Moreover, the exploiter “returned the funds and received their bug bounty,” the message added, encouraging any remaining attackers to write to tvbugbounty@proton.me. TrustedVolumes hinted at this approach right after the exploit, saying that the company was willing to have “constructive communication regarding a bug bounty and a mutually acceptable resolution.”

What was taken in May

TrustedVolumes worked as a resolver in the 1inch Fusion environment, allowing for the operation of a Request-For-Quote (RFQ) market, which provided liquidity for token exchanges when needed. On 7 May, an attack took place whereby the resolver was exploited and approximately $5.87 million worth of digital assets were withdrawn in a single Ethereum transaction. Later data by the protocol suggested that the damage after accounting for asset values and related losses could reach about $6.7 million.

According to the analysis of Blockaid, in total $5.87 million was lost, which included 1,291 WETH, 1.26 million USDC, 206,282 USDT, and 16.93 WBTC. The compromised resolver contract was determined to be 0x9bA0CF1588E1DFA905eC948F7FE5104dD40EDa31, while the attack was connected to a bespoke RFQ proxy contract launched at 0xeEeEEe53033F7227d488ae83a27Bc9A9D5051756. The main attacker wallet 0xC3EBDdEa4f69df717a8f5c89e7cF20C1c0389100, however, was classified as a TrustedVolumes exploit address by Etherscan.

Cybersecurity researchers found that methods that were used in this attack were very similar to those used in the hack from March 2025 involving the 1inch Fusion V1 system.

Investigators determined that the hack happened due to an access-control vulnerability rather than the theft of private keys or some previously unknown exploit. Halborn discovered that due to a public function, any individual could register as an authorized order signer. The attackers then approved unauthorized orders transferring money that had already been approved for the proxy contract. Blockaid was able to identify the exploit while it happened and noted that neither 1inch’s infrastructure nor user funds were affected.

Why the incentives cut both ways

The settlement showcases the challenges the DeFi industry faces. It is often more desirable to negotiate and reclaim stolen funds rather than face the possibility of losing everything at the end of long and unpredictable investigations. However, these settlements can create a financial rationale that leads criminals to believe that they can steal money and then negotiate for a large payoff afterward.

Calculating the theft is becoming increasingly complex as the forensics in blockchain keep getting better. TRM Labs found that cryptocurrency scams robbed people of $2.87 billion in 2025 through approximately 150 incidents, but at the same time, investigators have been rather successful in tracing the stolen crypto and following the laundering routes. For instance, in the TrustedVolumes case, Blockaid, CertiK, and SlowMist were able to monitor the theft as soon as it happened and to track how the hacker converted the stolen goods into ETH, which helped make the criminals feel more uneasy before the deal was cut.

Only part of the case was settled through the deal. One attacker returned 1,122.12 ETH or approximately $2.07 million at the moment of the transaction; however, held a similar amount as stated in the proposed bug bounty. Recovery of the rest of the stolen funds may come from either reaching a settlement in the future or laundering the stolen money and will be an excellent gauge of how future hacks’ offenders weigh their chances of being traced by blockchain security against the possibility of negotiating their way out.

The smartest crypto minds already read our newsletter. Want in? Join them.

Disclaimer: For information purposes only. Past performance is not indicative of future results.
placeholder
Natural Gas sinks to pivotal level as China’s demand slumpsNatural Gas price (XNG/USD) edges lower and sinks to $2.56 on Monday, extending its losing streak for the fifth day in a row. The move comes on the back of China cutting its Liquified Natural Gas (LNG) imports after prices rose above $3.0 in June. It
Author  FXStreet
Jul 01, 2024
Natural Gas price (XNG/USD) edges lower and sinks to $2.56 on Monday, extending its losing streak for the fifth day in a row. The move comes on the back of China cutting its Liquified Natural Gas (LNG) imports after prices rose above $3.0 in June. It
placeholder
Markets in 2026: Will gold, Bitcoin, and the U.S. dollar make history again? — These are how leading institutions thinkAfter a turbulent 2025, what lies ahead for commodities, forex, and cryptocurrency markets in 2026?
Author  Insights
Dec 25, 2025
After a turbulent 2025, what lies ahead for commodities, forex, and cryptocurrency markets in 2026?
placeholder
ECB Policy Outlook for 2026: What It Could Mean for the Euro’s Next MoveWith the ECB likely holding rates steady at 2.15% and the Fed potentially extending cuts into 2026, EUR/USD may test 1.20 if Eurozone growth proves resilient, but weaker growth and an ECB pivot could pull the pair back toward 1.13 and potentially 1.10.
Author  Mitrade
Dec 26, 2025
With the ECB likely holding rates steady at 2.15% and the Fed potentially extending cuts into 2026, EUR/USD may test 1.20 if Eurozone growth proves resilient, but weaker growth and an ECB pivot could pull the pair back toward 1.13 and potentially 1.10.
placeholder
Gold slides back closer to $4,050 as Iran risks and Fed hike bets boost USDGold (XAU/USD) opens with a modest bearish gap at the start of a new week and slides back closer to the $4,050 level during the Asian session.
Author  FXStreet
Jul 13, Mon
Gold (XAU/USD) opens with a modest bearish gap at the start of a new week and slides back closer to the $4,050 level during the Asian session.
placeholder
Gold Price Forecast: Cooling Inflation Fails to Offset Fed Hawkish Pressure, Gold Price May Fall to $3,500As of the Asian session on July 17, gold prices ( XAUUSD ) fluctuated around $4,000. However, it is worth noting that gold closed at $3,969.41 yesterday, confirming a break below the $4,0
Author  TradingKey
Yesterday 10: 30
As of the Asian session on July 17, gold prices ( XAUUSD ) fluctuated around $4,000. However, it is worth noting that gold closed at $3,969.41 yesterday, confirming a break below the $4,0
goTop
quote