1inch, a decentralized exchange aggregator, recently fell victim to a hacking incident that resulted in the loss of $5 million in cryptocurrency. The platform confirmed that a hacker exploited a smart contract vulnerability, which allowed them to siphon off funds.
The vulnerability was identified on March 5 and was found to affect resolvers, which are entities responsible for filling orders. The issue stemmed from the use of an outdated Fusion v1 implementation. Following the discovery, 1inch promptly took action to address the vulnerability and informed the public about the incident a day later.
As a result of the hack, the hacker managed to abscond with 2.4 million USDC and 1,276 Wrapped Ether (WETH) tokens. Fortunately, 1inch clarified that the stolen funds were only from resolvers using the outdated Fusion v1 in their own contracts, and end-user funds remained secure. The platform is currently working with affected resolvers to enhance the security of their systems and has urged all resolvers to conduct audits and update their contracts promptly.
In an effort to mitigate the impact of the hack, 1inch has introduced bug bounty programs to identify and address any underlying system vulnerabilities and recover the stolen funds. However, the chances of recovering the stolen funds are slim unless the hacker agrees to return them. In previous cases, hackers have agreed to return some of the stolen funds as white hat bounties, but this outcome is not guaranteed.
This incident is reminiscent of the $1.5 billion Bybit hack, where North Korean hackers successfully siphoned off the entire amount despite efforts by the crypto community to recover the losses. Bybit managed to facilitate seamless withdrawals for its users by borrowing funds from other crypto companies and repaying them later. It took the hackers 10 days to launder $1.4 billion worth of stolen cryptocurrencies, but some of the funds may still be traceable.
Cybersecurity firms have been utilizing onchain intelligence, AI-driven models, and collaboration with exchanges and regulators to trace and potentially freeze assets laundered through mixers and crosschain swaps. THORChain, a crosschain swap protocol reportedly used extensively by the hackers in the Bybit hack, experienced a surge in activity following the incident.
Despite the challenges posed by cryptocurrency hacks and security breaches, the crypto community remains vigilant in addressing vulnerabilities and mitigating risks to protect user funds and maintain the integrity of the ecosystem.