Blockchain security firm SlowMist recently reported that the popular DeFi aggregator 1inch fell victim to an exploit in its resolver smart contract, resulting in losses exceeding $5 million. The exploit, which occurred on March 7, saw attackers drain approximately 2.4 million USDC and 1,276 Wrapped Ethereum (WETH) from the affected smart contract. SlowMist founder Yu Xian revealed that the attack primarily targeted resolvers utilizing the outdated Fusion v1 framework.
1inch quickly confirmed the breach on March 6, stating that the vulnerability was discovered in certain resolver smart contracts a day earlier. The team clarified that only resolver contracts running the obsolete Fusion v1 implementation were impacted, and reassured users that their funds remained secure, with losses limited to affected resolvers. Following the incident, 1inch initiated efforts to assist impacted resolvers in securing their systems and urged all resolvers to audit and update their contracts to prevent further attacks.
Resolvers play a crucial role in the 1inch ecosystem, acting as automated algorithms that assess which orders to fulfill and provide liquidity to 1inch swappers. While specific financial losses were not disclosed, 1inch has introduced a bug bounty program to gather more insights into the incident, offering rewards ranging from $100 to $500,000. As of now, the platform has received 58 submissions and paid out $200 in bounties.
Despite this setback, 1inch continues to be a dominant player in the DeFi sector, as highlighted in Messari’s latest report. The platform facilitated 38.2% of all DEX volume routed through aggregators on supported blockchains in the fourth quarter of 2024. However, its market share saw a 10% decrease quarter-over-quarter as competitors Odos and CoWSwap gained traction.
Nevertheless, 1inch’s DEX trading volume surged by 104% quarter-over-quarter, reaching $1.09 trillion. The Aggregation Protocol, responsible for routing most trades on 1inch, experienced a 37% increase in daily average volume, reaching $369.7 million in Q4. Ethereum remained the dominant blockchain for 1inch transactions, accounting for 66% of the Aggregation Protocol’s volume. Coinbase-backed Base emerged as the second-largest chain with an 11% market share, surpassing Arbitrum.
Overall, 1inch continues to be a significant player in the DeFi space, despite the recent exploit. The platform’s efforts to bolster security and maintain user trust are commendable, and its strong performance in the market indicates resilience and potential for growth in the future.