TL;DR
- An attack exploited a vulnerability in 1inch’s smart contract, resulting in losses of over $5 million.
- The exploit primarily affected old contracts based on the Fusion v1 framework, while regular users did not suffer losses.
- 1inch has launched a bug bounty program to incentivize vulnerability research, offering rewards ranging from $100 to $500,000.
The DeFi ecosystem was shaken this week when blockchain security firm SlowMist reported that the DeFi aggregator 1inch suffered an exploit in its “resolver” smart contract, resulting in losses exceeding $5 million. According to Yu Xian, founder of SlowMist, the attackers drained approximately 2.4 million USDC and 1,276 Wrapped Ethereum (WETH) from the affected contracts. While most regular users were unaffected, the “resolver” contracts using the outdated Fusion v1 version were the primary targets of the attack, which has raised concerns about the security of older contracts in the ecosystem.
1inch publicly acknowledged the exploit on March 6, stating that the vulnerability was identified the day before. The team clarified that only contracts with the old Fusion v1 implementation were compromised, leaving the funds of regular users safe. However, this incident has highlighted the need for keeping smart contracts up-to-date and auditing platforms to prevent vulnerabilities, especially as the DeFi space continues to grow.
1inch Strengthens Security and Launches Bug Bounty Program
In response to the attack, 1inch is taking steps to secure the affected systems and has launched a bug bounty program, encouraging security researchers to find new vulnerabilities. The rewards range from $100 to $500,000, depending on the severity of the findings. As of now, the team has received 58 reports and awarded $200 in bounties. This program aims to improve the security of the ecosystem and protect users from future incidents, ensuring the platform’s integrity in the face of rising threats.
Despite this setback, 1inch remains a key player in the DeFi sector. According to the latest report from Messari, the platform facilitated 38.2% of the decentralized exchange (DEX) trading volume in Q4 2024, highlighting its dominance in the industry.
However, its market share experienced a 10% decline compared to the previous quarter, as competitors like Odos and CoWSwap gained ground. Despite the decrease in market share, 1inch saw a 104% increase in its quarterly trading volume, reaching $1.09 trillion.
The market continues to evolve rapidly, and while security threats remain a concern, 1inch remains a crucial player in liquidity provision and order aggregation within the DeFi ecosystem, maintaining its position as a significant force in the space.
