Decentralized exchange aggregator 1inch recently faced a significant security breach, resulting in the loss of $5 million. The exploit targeted a vulnerability in the Fusion v1 smart contract, specifically affecting resolvers—independent entities responsible for filling orders. citeturn0search0
Incident Overview
On March 5, 2025, 1inch identified a vulnerability in the outdated Fusion v1 implementation used by some resolvers. The following day, this information was made public, highlighting the urgency for resolvers to audit and update their contracts. citeturn0search0
A blockchain security firm conducted an on-chain investigation, revealing that the hacker absconded with 2.4 million USDC and 1,276 Wrapped Ether (WETH) tokens. Notably, end-user funds remained unaffected; the breach solely impacted resolvers utilizing Fusion v1 in their contracts. citeturn0search0
Negotiation and Recovery
In a collaborative effort, 1inch and the affected resolver engaged in direct negotiations with the hacker. The discussions culminated in a bug bounty agreement, a strategy where attackers return stolen assets in exchange for a portion of the funds as a reward for identifying vulnerabilities. Consequently, the hacker agreed to return the majority of the stolen funds, retaining only the agreed-upon bounty amount. citeturn0search0
Emphasis on Audits
This incident underscores the critical importance of regular audits and timely updates in smart contract security:
- Proactive Audits: Regular security audits can identify vulnerabilities before they are exploited, safeguarding assets and maintaining trust.
- Timely Updates: Ensuring that all components of a platform are up-to-date minimizes exposure to known vulnerabilities.
1inch's proactive approach in addressing the vulnerability and engaging with the hacker highlights the effectiveness of prompt audits and updates in mitigating potential losses.
The 1inch exploit serves as a stark reminder of the ever-present risks in decentralized finance. It emphasizes the necessity for continuous audits and prompt updates to maintain the integrity and security of smart contracts. By prioritizing these practices, platforms can better protect their assets and uphold user trust.
.png)
