1inch Stock Plummets 5 Million After Smart Contract Exploit

1inch, a decentralized exchange aggregator, recently experienced a significant exploit resulting in a loss of approximately $5 million. The incident was attributed to a vulnerability in an outdated smart contract, specifically the FusionHTOO-- contract. This exploit underscores the ongoing challenges faced by decentralized finance (DeFi) platforms in maintaining secure and up-to-date smart contracts.

The exploit was first disclosed by 1inch, which acknowledged that the old version of the Fusion contract contained a vulnerability that led to the financial loss. The exact nature of the vulnerability has not been detailed, but it highlights the importance of regular updates and security audits for smart contracts. The incident serves as a reminder to the DeFi community about the risks associated with using outdated or unsecured smart contracts.

On March 7, the founder of blockchain security firm SlowMist, Yu Xian, revealed that attackers drained approximately 2.4 million USDC and 1,276 Wrapped Ethereum (WETH) from the affected smart contract. He clarified that regular users were largely unaffected, but resolvers utilizing the outdated Fusion v1 framework bore the brunt of the attack. 1inch confirmed the breach, stating that the vulnerability was discovered in certain resolver smart contracts a day earlier. The team confirmed that only resolver contracts running the obsolete Fusion v1 implementation were impacted. They reassured users that their funds remained secure, with losses limited to affected resolvers.

Following the incident, 1inch launched efforts to assist impacted resolvers in securing their systems. The platform also urged all resolvers to audit and update their contracts to prevent further attacks. Resolvers play a crucial role in the 1inch ecosystem. These automated algorithms assess which orders to fulfill and act as market makers, providing liquidity to 1inch swappers. Although the platform did not disclose specific financial losses, it has introduced a bug bounty program to gather more insights into the incident. The program offers rewards between $100 and $500,000. At the time of writing, 1inch received 58 submissions and paid $200 in bounties.

Industry leaders and security experts have emphasized the need for continuous monitoring and improvement of smart contract security. The exploit on 1inch is not an isolated incident, as other DeFi platforms have also faced similar challenges. The incident has sparked discussions within the community about the best practices for smart contract management and the importance