BTC

$87546.72

3.60%

ETH

$1642.355

3.17%

XRP

$2.128

3.07%

BNB

$604.503

2.08%

DeFi

1inch Vulnerability Causes More Than $5 Million in Damages

2 mins mins
Key Points:
The 1inch vulnerability in the outdated Fusion v1 parser smart contract led to losses exceeding $5 million.
– 1inch is working with affected resolvers, urging contract audits and updates, while launching a bug bounty program offering up to $500,000 in rewards.

On March 5, blockchain security firm SlowMist identified suspicious transactions linked to 1inch, a decentralized exchange aggregator, with estimated losses of approximately $5 million.

The 1inch vulnerability was traced to a violation in its outdated Fusion v1 parser smart contract.

1inch Vulnerability Emerges Due to Smart Contract Exploit

According to SlowMist’s analysis, the exploit led to losses of around 2.4 million USDC and 1,276 WETH, surpassing $5 million in total. Despite the significant financial impact, the vulnerability did not directly compromise user funds. Instead, it affected resolver contracts utilizing Fusion v1, which play a crucial role in processing Fusion Swap orders.

In response, 1inch announced that its security team is actively working to mitigate risks and support affected resolvers. The platform urged all resolvers to conduct immediate audits and update their contracts to prevent further incidents.

Additionally, 1inch launched a bug bounty program offering rewards ranging from $100 to $500,000 to incentivize security researchers to identify and report vulnerabilities. As of the latest update, the platform has received 58 submissions and paid out $200 in bounties.

1inch bug bounty program
Rewards of bug bounty program. Source: 1inch

Resolvers are integral to 1inch’s ecosystem, acting as automated market makers that assess and fulfill swap orders. Ensuring their security is essential to maintaining the platform’s overall integrity and functionality.

Growing Cybersecurity Threats in the Crypto Industry

The 1inch vulnerability follows a broader trend of security breaches in the crypto industry, including a recent major hack on Bybit.

The centralized exchange reportedly lost over $1.4 billion in an attack linked to the North Korean Lazarus Group. That breach was attributed to a compromised developer’s computer, which allowed attackers to hijack an AWS session token and bypass multi-factor authentication, gaining unauthorized access to Safe Wallet’s infrastructure.

DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Rate this post
Follow us on Google News

1INCH

DeFi

Fusion v1

USDC

WETH

Avatar of John Kojo Kumi

John Kojo Kumi

07 March 2025, 13:17:00 GMT +0000

John Kojo Kumi is a cryptocurrency researcher and writer specializing in emerging startups, tokenomics, and market dynamics within the blockchain ecosystem. With years of experience in crypto journalism and blockchain research, he provides in-depth coverage of decentralized finance (DeFi), NFTs, and Web3 innovations.

He holds a Bachelor of Arts in Geography and Rural Development from Kwame Nkrumah University of Science and Technology, Kumasi, bringing a multidisciplinary perspective to the evolving digital asset space. As a Crypto News Writer, he tracks and reports on industry trends, while his role as a Registrar at the Commission on Human Rights and Administrative Justice reflects his commitment to governance and transparency.

His expertise spans content strategy, SEO optimization, and technical research, enabling him to craft insightful, data-driven analyses. Passionate about blockchain’s transformative potential, he strives to equip readers with the knowledge to navigate the complexities of digital assets and decentralized technologies.

Other Posts: