Decentralized exchange aggregator 1inch has become the latest victim in the ongoing wave of cryptocurrency security breaches, suffering an estimated loss of $1 million due to a vulnerability in its smart contract infrastructure. The breach, first detected on March 5, 2025, has raised fresh concerns about the security of DeFi platforms as hackers continue to exploit weaknesses in the rapidly evolving sector.
According to reports circulating on X and corroborated by blockchain security firm SlowMist, the exploit targeted an outdated version of 1inch’s Fusion v1 smart contract parser. Hackers leveraged this flaw to siphon off significant assets, with initial estimates suggesting losses of approximately 2.4 million USDC and 1,276 WETH—totaling over $5 million based on current market rates. However, some community sources, including posts on X, peg the damage closer to $1 million, reflecting uncertainty as investigations unfold. The discrepancy highlights the chaotic aftermath of such incidents, with official confirmation from 1inch still pending as of press time.
The breach appears to have originated from a flaw in how 1inch interacted with market maker (MM) contracts. A user on X noted that the root cause involved 1inch calling the “resolveOrders” function to transfer funds to its settlement contract. Many bots reportedly only verified the message sender as the settlement contract, leaving a gap that attackers exploited. This vulnerability impacted not only 1inch but also several smaller market makers, with losses for one prominent MM, Trusted Volumes, estimated at over $4.5 million, alongside an additional $0.5 million from others.
1inch, a platform renowned for optimizing trades across multiple decentralized exchanges, has yet to release an official statement detailing the breach’s scope or its response plan. However, the incident has already sparked a flurry of reactions within the crypto community. “Tough times don’t last, but tough teams do,” posted one X user, expressing optimism about 1inch’s ability to recover while urging caution among users. Others were less forgiving, with some questioning the platform’s security practices given the reliance on legacy code.
SlowMist’s analysis, shared on X, pinpointed suspicious transactions beginning March 5, underscoring the speed and sophistication of the attack. The firm’s findings suggest that the hackers meticulously exploited the outdated Fusion v1 parser, a remnant of 1inch’s earlier infrastructure that had not been fully phased out. This has led to renewed calls for DeFi projects to prioritize audits and timely updates to smart contracts, especially as the sector scales to handle billions in daily trading volume.
The financial toll of the breach remains under scrutiny. While SlowMist’s estimate of $5 million reflects the upper bound of reported losses, the $1 million figure cited by some X users may indicate a narrower focus on 1inch’s direct losses, excluding those of associated market makers. Regardless, the incident adds to a growing list of DeFi exploits in 2025, with the sector facing heightened scrutiny over its ability to safeguard user funds.
1inch’s native token, 1INCH, experiencing only a modest dip as traders await clarity. However, the breach could dent confidence in the platform, which has positioned itself as a leader in DeFi aggregation since its launch in 2019. Analysts suggest that the long-term impact will depend on 1inch’s transparency and the effectiveness of its mitigation efforts.
