Blockchain research firm Blockaid has linked the attacker to a similar exploit in March 2025 that saw $5 million drained from 1inch. This time, 1inch has asserted that although they use TrustedVolumes as a resolver, the exploit did not involve any of their systems.
TrustedVolumes suffers $6.7 million exploit
TrustedVolumes, a resolver and market maker used by 1inch and other defi platforms, suffered a $6.7 million exploit after an attacker was able to steal funds without proper validation. The thief then swapped the stolen wETH, USDT, wBTC, and USDC through ChangeNow and converted them to ETH to evade freezes.
Ekubo exploited for $1.4 million
The Ekubo automated market maker infrastructure project experienced a $1.4 million theft after attackers were able to take advantage of a smart contract that improperly verified permissions. They stole 17 wBTC ($1.4 million), which they swapped for ETH and laundered via Tornado Cash.
Wasabi Protocol exploited for more than $5 million
The Wasabi Protocol defi derivatives platform has been exploited for more than $5 million across multiple blockchains. The attack has been attributed by blockchain security firms to a compromised admin key, which allowed the attacker to upgrade contracts to steal assets.
Volo Protocol exploited for $3.5 million, most recovered
The Sui-based Volo Protocol defi yield platform was exploited for around $3.5 million after an attacker targeted three vaults holding wBTC, XAUm (a tokenized gold asset), and the USDC stablecoin.
Volo says they have frozen or recovered all but around $60,000. They have also said they are "prepared to absorb this loss", rather than passing losses along to their users.
Aave faces approximately $200 million in bad debt after Kelp DAO bridge exploit
The Aave defi lending protocol is grappling with anywhere from $177 million to $236 million in bad debt after the Kelp DAO bridge exploiter used Aave to cash out their stolen rsETH. Rather than selling the tokens, the attacker used the rsETH as collateral to borrow wETH, leaving Aave stuck with the huge quantity of unbacked rsETH. Although Kelp and Aave both froze affected markets, the attacker had already cashed out. The attacker borrowed essentially all of the wETH available on the platform, leaving those who'd loaned those tokens unable to withdraw.
Aave maintains a $50 million insurance fund to absorb bad debt. However, this can't cover such a huge shortfall.
Kelp DAO bridge hacked for $292 million
An attacker stole 116,500 rsETH (restaked ether) from a blockchain bridge run by Kelp DAO. Based on prices at the time of the theft, the stolen tokens would be worth around $292 million — however, the attacker is likely to face challenges selling a quantity of tokens that amounts to 18% of rsETH's circulating supply.
When tokens are bridged from one chain to another, the tokens on the original chain are locked in the bridge smart contract while the token is used on the other chain, preventing its owner from double-spending the asset. With 116,500 locked rsETH now stolen, those using the token on other blockchains are now holding possibly unbacked tokens.
The rush for holders to offload their dubiously backed tokens is likely to worsen contagion throughout defi protocols, where those platforms could be left holding the bag. Some platforms, including Aave, Lido Finance, and Ethena, have paused markets involving rsETH to try to protect themselves.
This hack has set the new record for the largest defi hack in 2026, following the $285 million Drift exploit on April 1.
Rhea Finance exploited for $18.4 million, some recovered
Rhea Finance's lending product was exploited for around $18.4 million after an attacker took advantage of a bug in the platform's slippage protection feature. The stolen assets affected both platform and user funds.
Some of the stolen tokens were returned by the attacker to the protocol, and around $4.35 million USDT were frozen by its issuer, Tether. Altogether, around $10 million was recovered, leaving $8.4 million outstanding.
- RHEA Finance Protocol Incident, Rhea Finance
Drift exploited for $285 million
The Solana-based Drift defi perpetual futures exchange was exploited for $285 million. The project alerted the community on social media, writing: "Drift Protocol is experiencing an active attack. ... This is not an April Fools joke."
The project later described the exploit as "a novel attack involving durable nonces, resulting in a rapid takeover of Drift's Security Council administrative powers." Once the attacker had access to admin capabilities, they quickly eliminated risk management limits on the protocol and drained huge quantities of tokens, which they swapped to USDC and then ETH. The attack was attributed to extremely sophisticated social engineering, likely by North Korean hackers.
Some have criticized USDC's issuer, Circle, for not freezing the stolen funds during the six hours they were held in USDC. Unlike ETH, USDC is controlled by a centralized company that can, and regularly does, freeze assets determined to have been stolen or connected to illicit activity.
The theft is among the largest in defi history.
Balancer Labs shuts down after $110 million hack
After a November 2025 exploit in which $110 million was drained from the Balancer defi protocol, the company behind the project has announced it will shut down. Besides the massive loss, the hack also caused users to flee the protocol, and Balancer's total value locked quickly plummeted from around $775 million to around $300 million. It has continued to decline since, now hovering around $150 million.
Balancer co-founder Fernando Martinelli has said he strongly considered shutting down the protocol entirely, but ultimately decided to continue the project as it generates a relatively small amount of revenue. Instead, the project will move to being operated by a DAO and operating company, which Martinelli hopes will allow them to dodge "real and ongoing legal exposure" and "the liability of past security incidents".
Although another Balancer co-founder has optimistically presented this as "the start of a better chapter" for Balancer, it remains to be seen whether a skeleton crew will be able to revive the project.
Venus Protocol accumulates $2.15 million in bad debt after exploit
The BNB Chain's Venus Protocol lending protocol accumulated $2.15 million in bad debt after an exploiter manipulated the price of the Thena protocol's THE token. THE had very low liquidity, and the exploiter took advantage of it to manipulate the THE price oracle by borrowing against THE, using the borrowed funds to buy more THE, and repeating — causing the price oracle to reflect higher and higher prices. The attacker was able to avoid a supply cap on Venus by "donating" the funds rather than depositing them in the standard way.
While the exploit left the Venus Protocol with over $2 million in bad debt, it's not clear if the attacker even made money from the exploit. The exploiter's position was ultimately liquidated, collapsing the increase in THE price. However, it's possible the exploiter took advantage of the price discrepancy elsewhere to profit.
The Venus Protocol has had a number of issues in the past — notably in June 2023, when the team developing the BNB Chain had to intervene when the a thief borrowed $150 million on Venus against stolen tokens and then faced liquidation.