Key Takeaways:
- Trusted Volumes attacker returned 1,122 ETH to the protocol on July 18
- The attacker kept roughly $2 million as a de facto bounty settlement
- The partial return highlights ongoing DeFi security and negotiation challenges
Key Takeaways:

An attacker behind the Trusted Volumes exploit returned 1,122 Ether to the affected protocol while retaining roughly $2 million of the drained funds, on-chain trackers said, in what analysts described as a de facto bounty settlement.
"The partial return functions as an informal resolution — the attacker keeps a portion as a bounty while returning the majority," said Jason Wu, on-chain analyst at Edgen. "This pattern is becoming more common in DeFi as protocols weigh legal action against recovery negotiations."
The exploit targeted Trusted Volumes, a DeFi protocol on Ethereum, draining funds across multiple pools. On-chain data shows the attacker sent 1,122 ETH back to a wallet controlled by the protocol on July 18, while retaining approximately $2 million in other assets. The total value of the exploit has not been fully disclosed by the team.
The settlement raises questions about DeFi security norms and the precedent set when attackers negotiate partial returns. Unlike traditional finance, where stolen assets trigger law enforcement involvement, DeFi protocols often face a binary choice: accept a partial recovery or pursue legal channels with uncertain outcomes. Trusted Volumes has not commented on whether it will pursue further action.
The incident adds to a growing list of DeFi exploits in 2026, where protocols have lost hundreds of millions of dollars to attackers exploiting smart contract vulnerabilities. Security firms have urged protocols to implement more rigorous auditing and real-time monitoring to detect suspicious activity before funds are drained.
This article is for informational purposes only and does not constitute investment advice.