$5 Million Stolen Fund From 1inch Hack Was Returned

Decentralized exchange aggregator 1inch has recovered the majority of the $5 million stolen in a recent security breach after negotiations with the hacker, who retained a portion as a bug bounty.

The 1inch hack, which occurred on March 5, 2025, was linked to a vulnerability in the Fusion v1 smart contract, primarily affecting outdated resolver versions.

Most of Stolen Funds Recovered After 1inch Hack

Blockchain security firm Decurity revealed that the attacker exploited a callback option vulnerability in the old 1inch Settlement contract. The flaw, originating from a data corruption issue in order suffix processing, enabled the hacker to manipulate the parser address and execute unauthorized transactions. The 1inch hack led to significant losses for the market-making entity TrustedVolumes.

According to SlowMist, another blockchain security company tracking the stolen assets, the attacker withdrew approximately 2.4 million USDC and 1,276 Wrapped Ether (WETH), pushing the total theft beyond $5 million. However, funds belonging to regular users remained unaffected, as 1inch assured that only resolver entities were impacted.

The vulnerability reportedly persisted despite prior security audits, stemming from code rewritten from Solidity to Yul in November 2022. It remained undetected in the system for over two years.

Following the exploit, the hacker initiated on-chain communication, asking, “Can I have bounty?” before entering negotiations with TrustedVolumes.

Hacker’s on-chain message sending a request to TrustedVolumes. Source: Etherscan

The attacker began returning the funds on the evening of March 5 and completed the process by early March 6, except for the agreed-upon bounty.

1inch Implements Security Measures to Prevent Future Attacks

In response to the breach, 1inch promptly collaborated with affected resolvers to mitigate risks and advised all resolvers to update their smart contracts. The company has also launched a bug bounty program to encourage ethical hackers to identify vulnerabilities before malicious actors can exploit them.

The 1inch hack had an immediate impact on the 1INCH token, which dropped over 5% in value when the event was announced. The token is currently trading around $0.227, with a notable 35% decrease in trading volume over the past 24 hours, now at $16.42 million.

1INCH price. Source: CoinMarketCap

Following an internal investigation, Decurity highlighted key lessons from the incident, including the need to refine threat models, extend audit timelines for significant code changes, and verify deployed contracts more thoroughly.
