1inch Smart Contract Exploit Results in $5 Million Losses
Recently, blockchain security firm SlowMist reported that popular DeFi aggregator 1inch fell victim to an exploit in its resolver smart contract, leading to losses exceeding $5 million.
Attack Details
- Attackers drained approximately 2.4 million USDC and 1,276 Wrapped Ethereum (WETH) from the affected smart contract.
- Regular users were mostly unaffected, with the exploit mainly targeting resolvers using the outdated Fusion v1 framework.
Confirmation and Response
1inch acknowledged the exploit on March 6, revealing that only resolver contracts running the obsolete Fusion v1 implementation were impacted. They assured users that their funds were safe, with losses limited to affected resolvers.
Security Measures
- 1inch is assisting impacted resolvers in securing their systems following the incident.
- The platform encourages all resolvers to audit and update their contracts to prevent future attacks.
Bug Bounty Program
1inch has introduced a bug bounty program to gather insights into the incident and enhance security. The program offers rewards ranging from $100 to $500,000, with 58 submissions received so far.
1Inch Ecosystem Growth
Despite the security breach, 1inch remains a prominent player in the DeFi sector, according to Messari’s latest report.
Market Performance
- 1inch facilitated 38.2% of all DEX volume routed through aggregators on supported blockchains in Q4 2024.
- Market share dropped by 10% quarter-over-quarter due to rising competition.
- DEX trading volume surged by 104% quarter-over-quarter, reaching $1.09 trillion.
Blockchain Dominance
Ethereum led as the dominant blockchain for 1inch transactions, accounting for 66% of the platform’s volume. Coinbase-backed Base emerged as the second-largest chain, contributing to 11% of the total volume.