1inch Hacker Returns $5 Million Stolen Funds After Negotiation

Decentralized exchange (DEX) aggregator 1inch experienced a critical breach of its smart contracts last week. However, following negotiations with the hacker, the exchange successfully recovered most of the $5 million stolen.

Despite the recovery, the attack highlights the ongoing security challenges within the DeFi ecosystem.

1inch Recovers Most of Its Stolen Funds

1inch experienced this particular breach on March 5. Investigators attributed it to a vulnerability in an outdated version of the platform’s smart contract. After discussions and a generous bug bounty, the attacker returned the funds.

“After negotiations with the hacker, most of the $5 million stolen from 1inch has been returned, with the hacker keeping a portion as a bug bounty,” WuBlockchain reported, citing Decurity’s postmortem report.

1inch explained in the March 7 blog that the breach was caused by a flaw in the Fusion v1 resolver smart contract, an obsolete platform component. The team detected the incident at approximately 6 PM UTC on March 5.

Attackers exploited outdated logic within Fusion v1 to execute unintended transactions.

Notably, no end users were directly affected, as the attack targeted a third-party market maker, TrustedVolumes. Upon discovering the breach, 1inch swiftly redeployed its resolver contracts as a precautionary security measure, preventing further exploits.

According to Decurity’s postmortem report, the hacker initiated an on-chain message following the attack. They requested a bug bounty in exchange for returning the stolen funds.

TrustedVolumes, the affected market maker, entered negotiations with the attacker, leading to a successful resolution.

This resolution marks a rare instance in which a DeFi exploit resulted in the voluntary return of stolen assets. It reflects the growing trend of ethical hacking and white hat negotiations in the DeFi industry.

Security Remains a Major Challenge for 1inch

This incident marks the second time in six months that 1inch has faced a security breach. In October 2024, the platform suffered a front-end compromise due to a supply chain attack.

Also, it highlights the persistent risks DeFi protocols encounter. The latest hack is another reminder of the necessity for continuous monitoring and rapid response mechanisms to safeguard users and assets.

Despite the recovery, the 1INCH price has only gone up by a modest 1.12% since Sunday’s session opened and was trading for $0.23 as of this writing.

This incident highlights the importance of continuous smart contract audits and proactive vulnerability detection. It also indicates the need for stronger validation mechanisms to prevent similar incidents in the future.