1inch DeFi platform loses $5 million in smart contract exploit

The decentralized finance (DeFi) platform 1inch is reporting a security breach when hackers exploited a vulnerability in the outdated Fusion v1 smart contract. The attack resulted in the theft of approximately $5 million worth of cryptocurrencies, 2.4 million USDC and 1,276 Wrapped Ethereum (WETH).

The security incident occurred when malicious actors identified and targeted weaknesses in the legacy code of Fusion v1, which is no longer actively supported by 1inch.

The platform claims that funds belonging to regular users were not affected by this breach. The exploit impacted resolver contracts that had failed to upgrade from the obsolete Fusion v1 implementation to the more secure Fusion v2 version.

Resolvers are third-party contracts or services that eecute trades on behalf of users by finding and utilizing the most efficient trading routes across multiple decentralized exchanges, implement specific business logic for trading operations. They can be developed by independent teams or projects integrating with 1inch.

1inch contactacted the affected resolvers to help secure their systems, urged all resolver contracts to audit and update to newer versions and launched a bug bounty program with rewards ranging from $100 to $500,000 to identify and fix vulnerabilities

The security breach has had an impact on 1inch's market position. At the time of reporting, the 1INCH token has declined  1.04% over 24 hours and 6.84% over the previous seven days.