1inch DEX Faces $5 Million Hack as Smart Contract Flaw Exposed

1inch, a popular decentralized exchange (DEX) aggregator, confirmed a $5 million cryptocurrency theft stemming from a smart contract vulnerability. The breach, which came to light on March 5, 2025, targeted specific resolvers utilizing outdated Fusion v1 contracts.

While the exploit resulted in substantial losses, 1inch has reassured users that end-user assets remain unaffected, offering a layer of relief amid the unsettling news. The platform swiftly acknowledged the issue and is now rallying to address the fallout while bolstering its defenses.

The hack’s details emerged through a combination of 1inch’s internal findings and an onchain investigation conducted by blockchain security firm SlowMist. Their analysis revealed that the attacker made off with 2.4 million USDC and 1,276 Wrapped Ether (WETH) tokens.

These figures underscore the scale of the breach, which exploited a weakness in the Fusion v1 implementation—a system that resolvers, entities responsible for executing orders, had integrated into their own contracts. Although the vulnerability was made public a day after its discovery, the damage had already been done, leaving 1inch to pick up the pieces.

Efforts to Mitigate and Recover from the Breach

In response, 1inch has taken decisive steps to contain the situation. The platform emphasized that only resolvers relying on the outdated Fusion v1 contracts were impacted, sparing everyday users from financial harm.

A spokesperson from 1inch stated that the team is collaborating closely with affected resolvers to reinforce their systems, urging all parties to conduct immediate audits and updates to their contracts. To prevent future incidents, 1inch has also rolled out bug bounty programs aimed at identifying and resolving any lingering vulnerabilities while exploring avenues to recover the stolen funds.

The road to recouping the $5 million, however, appears challenging. Historical precedent in the crypto world suggests that recovery often hinges on the attacker’s willingness to negotiate. In some cases, such as the crypto lender Shezmu, compromised protocols have successfully retrieved funds after offering hackers a “white hat” bounty—typically around 10% of the stolen amount—as an incentive to return the rest. Whether 1inch can strike a similar deal remains uncertain, but the platform’s proactive stance signals a commitment to minimizing the breach’s long-term impact.