mt logoMyToken
ETH Gas
简体中文

Trusted Volumes Hacker Returns 1,122 ETH, Keeps $2M Bounty

收藏collect
分享share

A hacker tied to the Trusted Volumes exploit has returned 1,122 ETH to the protocol, closing part of a security incident that began with a multi-million-dollar exploit earlier this year.

The on-chain recovery is unusual because the attacker did not return everything. Instead, the wallet linked to the exploit sent back roughly $2 million worth of ETH while retaining another large amount as what now looks like a de facto bounty. That kind of outcome is familiar in DeFi , where projects sometimes negotiate with attackers after an exploit rather than risk losing the full amount forever.

The returned funds matter because they reduce the damage for the protocol and its users. But the structure of the settlement also shows how messy DeFi security remains. When smart contracts fail, the market often ends up relying on public pressure, wallet tracking, and informal negotiation rather than a clean legal process.

Reference: Etherscan

TL;DR

  • The Trusted Volumes attacker returned 1,122 ETH to the protocol inventory.
  • The exploit originally drained about $5.9 million through a smart contract vulnerability.
  • The attacker appears to have retained roughly $2 million as a bounty-style settlement.

What Happened With Trusted Volumes?

The exploit traces back to a vulnerability in Trusted Volumes’ RFQ swap proxy. According to the on-chain evidence, the May 7 attack drained approximately $5.9 million in assets through a signature-check bypass.

That is the kind of vulnerability that can be especially damaging in DeFi because it sits close to the execution layer of a protocol. If a swap proxy accepts an invalid or improperly checked instruction, an attacker may be able to move funds in a way the system was never meant to allow.

The important update now is the return of 1,122 ETH from the attacker wallet to protocol inventory. The primary source for the story is the wallet and transaction evidence on Etherscan, which shows the recovery leg of the movement.

This does not necessarily mean the protocol has been made whole. It means a meaningful part of the exploited funds has come back.

That distinction matters. A partial recovery can be better than nothing, but it still leaves users and the wider market asking why the vulnerability existed, how quickly it was detected, and whether the protocol has made changes to prevent a repeat.

Why DeFi Exploit Settlements Keep Happening

Crypto has developed a strange pattern around major exploits.

In traditional finance, a theft usually leads to police reports, frozen accounts, and court processes. In DeFi, the first response is often public wallet tracking. The attacker’s address gets labelled. On-chain analysts follow the movement of funds. Protocol teams may publish messages offering a bounty if the money is returned.

Sometimes attackers accept. Sometimes they disappear into mixers, bridges, or exchange routes. Sometimes they return a portion and keep the rest.

That appears to be the shape of this case.

The reason this happens is simple: blockchains make funds visible, but not always recoverable. If an attacker controls the private keys, the protocol cannot simply reverse the transaction. The best practical outcome may be to offer a settlement before the funds are moved further away.

That is uncomfortable, but it is also realistic.

For users, the lesson is that code risk is not abstract. Even protocols with real activity can suffer from a small implementation flaw that becomes a major loss. For developers, the lesson is even sharper: signature validation, access controls, proxy logic, and upgrade paths need aggressive review because attackers only need one weak point.

The Recovery Helps, But It Does Not Erase The Exploit

The return of 1,122 ETH is clearly positive for Trusted Volumes, but it should not be treated as a full reset.

An exploit still happened. Funds were still removed. The attacker still appears to have kept a significant sum. The protocol still needs to show that the underlying issue has been addressed and that users can trust the system going forward.

That matters because DeFi confidence is fragile after security incidents. Users may forgive a protocol that responds quickly, communicates clearly, and recovers funds. They are less forgiving when teams stay vague, downplay the incident, or fail to explain what changed.

The strongest next step for Trusted Volumes would be a clear post-mortem: what failed, how the attacker used it, how the contract logic has been fixed, and whether any user balances remain affected.

Until then, the market can recognise the recovery without pretending the episode is over.

This is also a useful reminder for the wider sector. DeFi security is not only about preventing hacks. It is about incident response, transparency, on-chain monitoring, and whether projects can recover enough trust after something goes wrong.

Trusted Volumes got some funds back. The harder job is proving the system is safer than it was before the exploit.

This article is based on Etherscan wallet and transaction data.

This article was written by the News Desk and edited by Samuel Rae.

This report is based on information released by Etherscan. at Etherscan

免责声明:本文版权归原作者所有,不代表MyToken(www.mytokencap.com)观点和立场;如有关于内容、版权等问题,请与我们联系。
更多精彩内容请查阅
X(https://x.com/MyTokencap)
或加入社区了解更多MyToken-官方华文电报群
https://t.me/mytoken_cn
相关阅读