DeFi aggregator 1inch has fallen victim to a $5 million exploit targeting its outdated resolver smart contract, as reported by blockchain security firm SlowMist. The attack, which primarily affected resolvers still using the obsolete Fusion v1 framework, resulted in the loss of 2.4 million USDC and 1,276 WETH.
SlowMist founder Yu Xian clarified that regular users remained largely unaffected, while impacted resolvers suffered significant financial damage.
On March 6, 1inch officially acknowledged the breach, confirming that only outdated resolver contracts had been compromised. The platform reassured its community that user funds remained secure and immediately launched an initiative to assist affected resolvers in updating their contracts to prevent future exploits. In response, 1inch introduced a bug bounty program, offering rewards ranging from $100 to $500,000 to enhance security and gather insights into vulnerabilities. At the time of reporting, the bounty program had received 58 submissions, with $200 already awarded.
Despite the exploit, 1inch continues to maintain a strong position in the DeFi space. According to Messari’s latest report, the platform facilitated 38.2% of all DEX volume routed through aggregators in Q4 2024. However, competition from Odos and CoWSwap led to a 10% quarter-over-quarter decline in market share. Still, 1inch’s total decentralized exchange (DEX) trading volume surged by 104% over the same period, rising from $493.5 billion to $1.09 trillion.
Ethereum remained the dominant blockchain for 1inch transactions, accounting for 66% of the Aggregation Protocol’s volume. Coinbase-backed Base secured the second position with an 11% market share, surpassing Arbitrum, which dropped from 14% to 10%. Together, these three networks contributed 87% of the platform’s total volume.
0 Comments