DEX Aggregator 1inch Confirms $5M Hack Due to Smart Contract Breach

Highlights:

• A hacker exploited a smart contract flaw in 1inch and stole $5 million.
• 1inch launched a bug bounty program to fix security issues and urged resolvers to update contracts to prevent more hacks.
• The hack is a wake-up call for DeFi platforms to improve security to stop future attacks.

Decentralized exchange aggregator 1inch has lost $5 million in cryptocurrency after a hacker exploited a smart contract vulnerability. The platform confirmed the breach and identified that the attack targeted resolvers using the outdated Fusion v1 implementation.

1INCH BREACH EXPOSES SMART CONTRACT RISKS

$5M drained from 1inch due to a known vulnerability in outdated resolver contracts; regular users were untouched, but resolvers relying on Fusion v1 got exploited.

1inch is handling damage control—urging audits, rolling out a bug… pic.twitter.com/WESabS80P3

— Crypto Town Hall (@Crypto_TownHall) March 7, 2025

Blockchain security firm SlowMist revealed today that the hacker stole approximately 2.4 million USDC and 1,276 Wrapped Ethereum (WETH). The platform has clarified that funds belonging to regular users are safe, and the issue only affected resolver contracts running Fusion v1. The platform stated that it was in contact with affected resolvers to help secure their systems and urged all resolvers to audit and update their contracts as soon as possible.

According to our analysis, this incident resulted in a loss of 2.4 million $USDC and 1276 $WETH, totaling over $5 million.

— SlowMist (@SlowMist_Team) March 7, 2025

Efforts Taken to Recover From the Hack

1inch has come up with a bug bounty program to find and fix vulnerabilities. The rewards vary from $100 to $500,000, depending on how severe the problem is. 1inch has already received submissions and has paid out the bounties to participants. Despite these efforts, the possibility of recovering the stolen funds remains uncertain unless the hacker agrees to return them.

Some hackers have returned most of the stolen funds in the past through a whitehat bounty and kept the rest. However, there is no hint the 1inch hacker will do the same thing. The platform is still closely monitoring the situation and has made suggestions to all resolvers to roll out additional security measures to prevent any further exploits.

The hack follows days after 1inch added support for ZKsync, a layer 2 scaling solution for Ethereum. The aim of integrating ZKsync is to increase the speed of transactions and to decrease gas fees when swapping assets between networks.

1inch cross-chain swaps now on ⁦@zksync⁩ https://t.co/BLspHPRqNY

— Marco (∎, ∆) (@Be1garat) March 1, 2025

Security Concerns in the Broader Industry

The 1inch exploit indicates a growing security problem with smart contracts. Although 1inch has made efforts to prevent further breaches, there are many security concerns within the cryptocurrency ecosystem at large. Despite the industry’s best efforts to prevent such breaches, the recent $1.5 billion Bybit hack became one of the largest in crypto history.

Despite losing a significant amount, Bybit was able to allow users to withdraw funds by securing loans from other crypto companies, which they later repaid. In only ten days, the hackers were able to launder almost $1.4 billion in stolen funds.

1inch has proved to be a prominent player in decentralized finance despite having a security breach. According to Messari, 1inch was responsible for 38.2% of all the volume routed through aggregators in the last quarter of last year. However, its market share fell 10% as newer competitors like Odos and CoWSwap increased their shares. However, its trading volume grew by 104% quarter on quarter to hit $1.09 trillion.

The security challenges that DeFi faces today mean there is a continuous need to improve both smart contract security and system audits. As 1inch works to improve its platform, the crypto industry, in general, is dealing with an increasing sophistication in cyberattacks.