1inch recovers 5 million after smart contract breach

Decentralized exchange (DEX) aggregator 1inch experienced a critical breach of its smart contracts last week. However, following negotiations with the hacker, the exchange successfully recovered most of the $5 million stolen.

Despite the recovery, the attack highlights the ongoing security challenges within the DeFi ecosystem. 1inch experienced this particular breach on March 5. Investigators attributed it to a vulnerability in an outdated version of the platform’s smart contract. After discussions and a generous bug bounty, the attacker returned the funds.

1inch explained in the March 7 blog that the breach was caused by a flaw in the FusionHTOO-- v1 resolver smart contract, an obsolete platform component. The team detected the incident at approximately 6 PM UTC on March 5. Attackers exploited outdated logic within Fusion v1 to execute unintended transactions.

Notably, no end users were directly affected, as the attack targeted a third-party market maker, TrustedVolumes. Upon discovering the breach, 1inch swiftly redeployed its resolver contracts as a precautionary security measure, preventing further exploits.

According to Decurity’s postmortem report, the hacker initiated an on-chain message following the attack. They requested a bug bounty in exchange for returning the stolen funds. TrustedVolumes, the affected market maker, entered negotiations with the attacker, leading to a successful resolution.

This resolution marks a rare instance in which a DeFi exploit resulted in the voluntary return of stolen assets. It reflects the growing trend of ethical hacking and white hat negotiations in the DeFi industry. This incident marks the second time in six months that 1inch has faced a security breach. In October 2024, the platform suffered a front-end compromise due to a supply chain attack.

Also, it highlights the persistent risks DeFi protocols encounter. The latest hack is another reminder of the necessity for continuous monitoring and rapid response mechanisms to safeguard users and assets. This incident highlights the importance of continuous smart contract audits and proactive vulnerability detection. It also indicates the need for stronger validation mechanisms to prevent similar incidents in the future.