Hackers steal nearly $6M in ETH and BTC from DeFi protocol Trusted Volumes via smart contract flaw

Hackers exploited a critical flaw in the Trusted Volumes DeFi protocol's signature validation, draining about $5.9 million in Ethereum, Wrapped Bitcoin, and stablecoins. The breach occurred due to a logical error in the protocol's fillOrder function, allowing attackers to bypass authorization and forge orders. The stolen assets include 1,291 ETH, 16.94 WBTC, 1.26 million USDC, and 206,000 USDT, which the attacker began laundering through decentralized exchanges. This incident highlights ongoing security risks in DeFi platforms reliant on complex smart contract logic.