
1inch Hacker Refunds $5M After Settlement, Keeps Bounty


  • A hacker exploited a flaw in the outdated Fusion v1 resolver, stealing $5 million in USDC and WETH.
  • 1inch and the affected resolver negotiated with the attacker, leading to the return of most funds through a bug bounty agreement.

Decentralized exchange aggregator 1inch faced a major security breach last week when its smart contracts were exploited. However, after discussions with the attacker, the platform managed to reclaim most of the stolen $5 million through a bug bounty agreement, confirming the successful recovery.

On March 5, 1inch found a flaw in the exchange's resolvers, which handled trades. It came from the old Fusion v1 system and was shared publicly the next day. Many claimed the hack happened due to the platform's outdated smart contracts. However, the company gave a proper explanation as to how the hack happened.

Blockchain security firm SlowMist conducted an on-chain investigation and discovered that the hacker absconded with 2.4 million USDC and 1,276 Wrapped Ether (WETH) tokens. The vulnerability stemmed from a data corruption issue in the order suffix processing, allowing the attacker to overwrite the parser address and call any parser, resulting in a loss of funds for the market maker TrustedVolume.

1inch Hacker Returns Funds After Bug Bounty Deal

The breach led 1inch and the affected resolver to negotiate directly with the hacker to recover the stolen money. The talks focused on a bug bounty deal, where attackers return assets in exchange for a reward for finding the exchange's security flaws.

According to Decurity's report, the hacker agreed to give back most of the funds while keeping the bounty. This method has become more common in crypto security cases, with similar incidents in the past. 1inch confirmed that the funds were returned to prevent further losses.

However, the platform stressed the need for resolvers to update their contracts to avoid future attacks, urging them to audit and strengthen their systems. This is the second security breach 1inch has faced in the last six months. In October 2024, the platform faced a front-end attack due to a supply chain vulnerability.

This latest incident underscores the ongoing threats DeFi platforms face and the need for constant monitoring and quick response strategies to protect users and their assets. It also stresses the importance of regular smart contract audits, early vulnerability detection, and stronger validation measures to prevent future attacks.

Read more: https://www.tronweekly.com/1inch-hacker-refunds-5m-after-settlement-keeps-bounty/

Text source: TronWeekly
