1inch successfully recovers most of the stolen $5 million.
1inch recently experienced a serious security breach that led to the theft of millions in digital assets. Fortunately, after quick talks with the hacker, the platform was able to recover most of the stolen funds.
The hacker agreed to return a large part of the money, keeping some as a bug bounty for their help. This event highlights the weaknesses in decentralized finance (DeFi) and the rise of ethical hacking.
The breach happened on March 5 due to a flaw in an old version of the platform’s Fusion v1 resolver smart contract. The attackers used this weakness to make unauthorized transactions. Importantly, the breach did not directly impact 1inch users but targeted a third-party market maker called TrustedVolumes. Once the attack was detected, 1inch quickly redeployed its resolver contracts to stop further issues.
The security firm Decurity investigated the attack and found that the hacker sent an on-chain message right after the exploit. They suggested returning the funds for a reward. This led to a rare situation where the hacker willingly returned a large portion of the stolen assets. This shows a change in how DeFi handles security, where negotiations with white-hat hackers can be more effective than traditional recovery methods.
Although this incident ended positively, it was the second major security issue for 1inch in six months. Earlier, in late 2024, the platform faced a front-end compromise due to a supply chain attack, which exposed users to phishing risks. These ongoing security problems highlight the need for regular smart contract audits and quick response strategies.
In light of the recent attack, 1inch is urging all resolvers to upgrade to Fusion v2, which has better security features. The company is also improving its internal auditing processes to better protect against future threats. Despite recovering the stolen assets, this incident serves as a reminder of the ongoing risks in decentralized finance.
