1inch Confirms $5M Hack After Smart Contract Exploit Decentralized exchange aggregator 1inch lost $5 million in cryptocurrency after an attacker exploited a vulnerability in smart contracts. The platform confirmed the hack but reassured that end-user funds were not impacted. On March 5, 1inch found the vulnerability that was affecting resolvers—entities responsible for filling orders—that utilized the outdated Fusion v1 implementation. The vulnerability was made public a day later. Tracing the $5M 1inch Hack Blockchain security firm SlowMist traced the hacked funds on March 7, and the hacker got away with 2.4 million USDC and 1,276 Wrapped Ether (WETH) tokens. 1inch clarified that only resolvers that used Fusion v1 were affected, and stated: “We’re actively working with affected resolvers to secure their systems. We urge all resolvers to audit and update their contracts immediately.” To prevent future attacks, the platform initiated bug bounty programs to detect and patch potential vulnerabilities, and to pursue the recovery of the hacked funds. Recovery Prospects Appear Slim The prospects for the recovery of the hijacked assets appear dim unless the attacker voluntarily returns the assets. Previously, some hijacked protocols recovered funds when hackers accepted white hat bounties, typically after retaining 10% of the hacked assets as a reward. Nevertheless, not all hacks have been resolved in this manner. Crypto’s largest-ever heist, the $1.5 billion Bybit hack, had North Korean hackers successfully siphoning funds off despite extensive community attempts to claw them back. Bybit’s Road to Recovery Despite the scale of the financial loss, Bybit managed to continue uninterrupted user withdrawals by borrowing emergency funds from other crypto companies, which were later repaid. The Bybit hackers washed $1.4 billion in stolen assets within a 10-day period. However, blockchain analysts believe that even with several asset swaps, a portion of the funds may still be traceable. According to Deddy Lavid, CEO of blockchain security firm Cyvers: “Although mixing and crosschain swapping complicates recovery, cybersecurity firms leveraging onchain intelligence, AI-based models, as well as collaboration with exchanges and regulators, still have slim opportunities to trace and even freeze assets.” The exploit also drove increased activity on THORChain, a crosschain swap protocol reportedly utilized by the Bybit hackers in an effort to anonymize their transactions. Securing DeFi The 1inch exploit highlights the ongoing security threats to decentralized finance (DeFi) platforms. As platforms work to mitigate risks, the importance of ongoing contract audits and security reinforcements remains paramount in preventing further exploits.
