1inch hacker returns most of the funds after receiving the bounty
ChainCatcher news: according to the Decurity security team, the 1inch protocol suffered a serious DeFi attack on March 5, 2025, at 5 PM (UTC). The hacker exploited a callback option vulnerability in the old 1inch Settlement contract to obtain funds.
The vulnerability stemmed from a data corruption issue in the order suffix processing, which allowed the attacker to overwrite the parser address and call an arbitrary parser, resulting in a loss of funds for the market maker TrustedVolumes. According to the Decurity team's analysis, the vulnerability was introduced when the code was rewritten from Solidity to Yul in November 2022. Despite audits by multiple security teams, it remained in the system for over two years.
After the incident, the attacker inquired through on-chain messages, "Can I get a bounty?" and subsequently negotiated with the victim, TrustedVolumes. After successful negotiations, the attacker began returning the funds on the evening of March 5 and ultimately returned all funds except for the bounty by 4:12 AM (UTC) on March 6.
As one of the auditing teams for Fusion V1, Decurity conducted an internal investigation into this incident and summarized several lessons learned, including clarifying the threat model and audit scope, requiring additional time for code changes during the audit period, and verifying deployed contracts, among others.