1inch, a well-known platform in decentralized finance, recently faced a severe security issue resulting in the theft of significant funds. The incident highlighted vulnerabilities in DeFi and the rising role of ethical hackers.
Incident Details
The breach occurred on March 5 due to a vulnerability in an old version of the Fusion v1 resolver smart contract. Hackers exploited this weakness to carry out unauthorized transactions. Notably, the breach did not directly affect 1inch users but targeted a third-party market maker called TrustedVolumes. Once the attack was detected, 1inch promptly redeployed its resolver contracts to prevent further issues.
Role of Hacker and Fund Recovery
The security firm Decurity investigated the attack and found that the hacker sent an on-chain message right after the exploit, proposing to return the funds for a reward. This led to a rare situation where the hacker willingly returned a large portion of the stolen assets, retaining some as a bounty for identifying the vulnerability. The outcome indicates a shift in DeFi security approaches, where negotiations with ethical hackers can be more effective than traditional recovery methods.
Implications and Future Lessons
Although the incident ended positively, it was the second major security issue for 1inch in six months. Earlier, in late 2024, the platform faced a front-end compromise due to a supply chain attack, exposing users to phishing risks. These ongoing security issues highlight the need for regular smart contract audits and rapid response strategies. 1inch is urging all parties to upgrade to Fusion v2, which has enhanced security features, and is strengthening its internal auditing processes to better defend against future threats.
Despite the successful recovery of the stolen assets, the incident serves as a reminder of the ongoing risks in decentralized finance and underscores the importance of stringent security measures and rapid threat response.