CRITICALEthereumSmart Contract BugMONITORING

TrustedVolumes Resolver

Free demo case: NullTrace is investigating an ongoing TrustedVolumes resolver exploit on Ethereum. Instant forensic report is paid; full free report unlocks after 24 hours.

Loss

~$5.87M

Risk

Ongoing exploit under investigation

Confidence

83%

Instant Forensic Report · x402 on Solana

Unlock the full AI-generated breakdown

Pay once with SOL via x402 — the machine-to-machine payment protocol on Solana. Full wallet trace, fund flow graph, exploit PoC, and PDF export unlocked instantly.

HTTP 402 · x402 Protocol

Full wallet flow graph

Exploit PoC breakdown

Fund tracing report

PDF export + API

Free in 24h

x402 · HTTP 402 payment required · Solana Mainnet · Demo mode

Investigation mode · free preliminary demo

We are still verifying this contract activity.

This page is the free public view from a few hours ago. The instant forensic report runs the agents now and requires payment. If you choose free access, the full report unlocks automatically after 24 hours.

Free full report in 24hContract: 0x9bA0CF1588E1...

Pay for Instant Report

Preliminary AI Breakdown

Free demo view while agents continue verification

Attack explanation

The current public view is a preliminary investigation. The alert identifies a TrustedVolumes resolver victim contract, an exploiter wallet, an exploit transaction, and about $5.87M extracted across WETH, USDT, WBTC, and USDC.

Root cause analysis

Root cause is still under investigation. Early public signals point to a different vulnerability from the March-2025 1inch Fusion V1 incident, likely in a TrustedVolumes-controlled custom RFQ swap proxy.

confidence score

Ongoing exploit under investigation

Wallet Flow Visualization

Victim resolver, RFQ proxy, exploit transaction, exploiter, and extracted assets

trustedvolumes flow

Victim

TrustedVolumes resolver

Exploit tx

0xc5c6...0513

Exploiter

0xC3EB...9100

Extracted

~$5.87M

Victim Resolver 0x9bA0...Da31

Custom RFQ Proxy 0xeEeE...756

Exploit Tx 0xc5c6...0513

Exploiter 0xC3EB...9100

WETH 1,291.16

USDT 206,282

WBTC 16.939

USDC 1,268,771

Technical Breakdown

ongoing exploit technical readout

The alert indicates an active exploit against a TrustedVolumes resolver used in the 1inch market maker/resolver flow. Current evidence points to a TrustedVolumes-controlled custom RFQ swap proxy as the likely vulnerable execution surface. This is tracked as a different vulnerability from the March 2025 1inch Fusion V1 incident, while preserving operator-overlap as an attribution lead.

Attack path hypothesis

Exploiter interacts with the resolver/proxy path, abuses swap execution assumptions, then extracts liquid assets from the resolver-controlled flow.

Extracted assets

1,291.16 WETH

206,282 USDT

16.939 WBTC

1,268,771 USDC

Immediate action

Isolate resolver permissions, revoke unsafe proxy routes, monitor exploiter outflows, and notify liquidity partners before broader routing resumes.

Evidence map

Victim resolver

0x9bA0CF1588E1DFA905eC948F7FE5104dD40EDa31

Custom RFQ proxy

0xeEeEEe53033F7227d488ae83a27Bc9A9D5051756

Exploiter

0xC3EBDdEa4f69df717a8f5c89e7cF20C1c0389100

Exploit tx

0xc5c61b3ac39d854773b9dc34bd0cdbc8b5bbf75f18551802a0b5881fcb990513

Attack vector

Resolver exploit through custom RFQ swap proxy

Vulnerability

Potential unsafe swap-proxy execution path under active review

Affected contracts

0x9bA0CF1588E1DFA905eC948F7FE5104dD40EDa310xeEeEEe53033F7227d488ae83a27Bc9A9D50517560xc5c61b3ac39d854773b9dc34bd0cdbc8b5bbf75f18551802a0b5881fcb9905130xC3EBDdEa4f69df717a8f5c89e7cF20C1c0389100

Mitigation suggestions

Monitor the victim resolver and custom RFQ proxy until final report is ready

Track exploiter outflows from 0xC3EBD...89100 across swaps, bridges, and exchanges

Request instant paid analysis for transaction-level trace, token movements, and operator overlap

Emergency Bridge

Move funds off Ethereum

Powered byLI.FI

If your assets are at risk on Ethereum, bridge them to a safer chain immediately via LI.FI — the cross-chain aggregator covering 60+ chains and all major Solana bridges.

From (at risk)

Ethereum

Bridge to

Best Route via LI.FI

Ethereum → Ethereum

Mayan Swift • Across • Glacis aggregated

Est. Fee

~$0.50

Open LI.FI Bridge

60+ chains · gasless swaps on Solana · Jito bundles

60+

Chains

$2B+

Volume

20+

Bridges

Exploit Timeline

3h ago

Ongoing exploit detected

Scout Agent ingests a Blockaid-style alert for an active TrustedVolumes resolver exploit on Ethereum.

2h ago

Public demo summary opened

NullTrace published a free preliminary page while the investigation continues.

1h ago

Related tweets collected

Reporter Agent links the victim contract, exploiter wallet, exploit transaction, and trusted researcher posts.

now

Forensic report pending

Instant report is available after payment; the full free report unlocks automatically after 24 hours.

Related Tweets

Demo X/Twitter integration for researcher posts, warnings, and fake-info checks

related tweets demo scan

NullTrace links social posts to the incident by contract mentions, protocol name, researcher credibility, and fake-loss detection tags.

Blockaid

@blockaid_ · 3h

Warning

Exploit detection identified an ongoing TrustedVolumes exploit. Victim resolver: 0x9bA0CF1588E1DFA905eC948F7FE5104dD40EDa31. Extracted so far: about $5.87M.

NullTrace Scout

@nulltrace_ai · 2h

Confirmation

We are investigating TrustedVolumes resolver activity on Ethereum. Free public summary is live; instant forensic report requires paid agent execution.

Maya Chen

@maya_sec · 1h

Researcher

The important pivot is the TrustedVolumes-controlled custom RFQ swap proxy, not the 1inch brand surface. Track the resolver and proxy independently.

Rumor Watch

@intel_filter · 44m

Fake Info Flag

Demo filter: posts claiming this is the same March-2025 Fusion V1 bug are unsupported. Same operator is plausible; vulnerability appears different.

suppressed by misinformation filter