1inch Network lost $5 million in cryptocurrency when a hacker exploited a smart contract vulnerability

On March 5, 1inch identified a vulnerability affecting resolvers — entities that fill orders — using the outdated Fusion v1 implementation

Decentralized exchange aggregator 1inch lost $5 million in cryptocurrency when a hacker exploited a smart contract vulnerability, the platform confirmed.

On March 5, 1inch identified a vulnerability affecting resolvers — entities that fill orders — using the outdated Fusion v1 implementation, which was made public a day later.

The issue was patched on March 7, and no further issues were detected. However, a hacker managed to siphon funds from several resolvers before the patch was deployed.

According to blockchain security firm SlowMist, the hacker got away with 2.4 million USDC and 1276 WETH tokens.

The hack saw funds stolen only from resolvers using Fusion v1 in their own contracts, and end-user funds were safe, 1inch noted.

The platform announced bug bounty programs to secure any other underlying system vulnerabilities and recover the stolen funds.

The North Korean hackers behind the $1.5 billion Bybit hack — dubbed crypto’s largest-ever heist — were successful in siphoning the entire amount despite coordinated efforts by the crypto community to recover the losses.

The hackers stole various amounts of liquid-staked Ether (STETH), Mantle Staked ETH (mETH) and other ERC-20 tokens from Bybit.

Despite the sudden loss of funds, Bybit managed to allow its users seamless withdrawal of their funds by quickly taking loans from other crypto companies, which were repaid at a later date.

It took 10 days for the Bybit hackers to launder $1.4 billion worth of stolen cryptocurrencies. Some of the laundered funds may still be traceable despite the asset swaps, according to Deddy Lavid, co-founder and CEO of blockchain security firm Cyvers:

Among the platforms used by the hackers were crosschain swap protocols, such as THORChain, which experienced a surge in activity post-Bybit hack.