Resolvers impacted by $5m exploit in deprecated 1inch Fusion v1 Settlement contract

On March 5, 1inch, a decentralized exchange (DEX) aggregator, confirmed that resolvers were impacted by an exploit in the deprecated 1inch Fusion v1 settlement contract. They suffered a $5 million loss following a hack that exploited a vulnerability in the smart contract system.
The exploit did not directly impact 1inch itself. The attack specifically targeted resolvers—independent third-party participants interacting with the Fusion protocol.
Key Takeaways
- 1inch Fusion v1 settlement contract suffered a $5M hack due to an outdated smart contract vulnerability affecting resolvers using Fusion v1 contracts.
- The exploit did not directly impact 1inch itself.
- The stolen funds included 2.4M USDC and 1,276 Wrapped Ether (WETH), but no end-user assets were impacted.
- 1inch is working with affected resolvers to secure their systems and has initiated a bug bounty program to address vulnerabilities.
- The recovery of stolen funds remains uncertain, as past cases show the complexities of tracking and retrieving stolen crypto.
The attack affected resolvers, entities responsible for filling orders, which were using outdated Fusion v1 contracts. Despite the breach, 1inch assured users that their assets remained secure, and no end-user funds were lost. The platform has since warned resolvers to audit and update their contracts to avoid further vulnerabilities.
How the hack unfolded
The vulnerability originated from the deprecated 1inch Settlement v1 contract, which had been phased out and was no longer in active use. Some resolvers who continued using the outdated contract without implementing additional security measures were affected.
Blockchain security firm SlowMist conducted an on-chain investigation and discovered that the hacker had made off with 2.4 million USDC and 1,276 Wrapped Ether (WETH) tokens. The stolen funds were traced back to resolvers using Fusion v1 contracts in their operations. To prevent future exploits, 1inch has initiated a bug bounty program to help identify and secure any potential system weaknesses. The company is also working closely with the affected resolvers to help secure their platforms and recover the stolen funds.
Potential recovery and industry lessons
The recovery of stolen funds is uncertain, as it depends on the willingness of the hacker to return the assets. In the past, some crypto protocols have successfully recovered funds when attackers agreed to retain a portion as a white hat bounty. However, high-profile hacks like the $1.5 billion Bybit breach, attributed to North Korean hackers, demonstrate the complexities of asset recovery, especially when attackers use cross-chain swaps and mixers to launder the stolen funds.
1inch price. Source: CoinGecko
The 1inch hack serves as a reminder of the ongoing security challenges faced by the crypto industry and highlights the need for continuous vigilance in auditing and updating smart contracts. As decentralized finance (DeFi) continues to grow, securing the underlying infrastructure remains a critical concern for platform operators and users alike.