1inch smart contract exploit results in over $5M in losses

The cryptocurrency industry has once again faced a major security challenge, with decentralised finance (DeFi) aggregator 1inch suffering an exploit in its smart contract. This led to over $5 million in losses.

The breach comes just a few weeks after crypto exchange Bybit experienced a massive hack that saw attackers steal around $1.5 billion worth of Ethereum ($ETH).

These breaches have raised concerns about security vulnerabilities in both decentralised and centralised platforms, highlighting the need for stronger security measures.

On 7 March, blockchain security firm SlowMist reported that 1inch’s resolver smart contract had been targeted in an exploit. 

Attackers managed to steal approximately 2.4 million $USDC and 1,276 Wrapped Ethereum ($WETH), worth over $5 million.

According to the founder of SlowMist, Yu Xian, the attack did not affect regular users. Instead, it targeted resolvers—special contracts responsible for processing trades—that were still using the outdated Fusion v1 framework.

1inch confirmed the exploit on 6 March, stating that the vulnerability had been discovered a day earlier. The team reassured users that only older resolver contracts had been compromised and that funds belonging to regular users were safe.

After the incident, 1inch quickly took action to help affected resolvers. The platform urged all resolvers to update their contracts to avoid further attacks.

To improve security, 1inch also launched a bug bounty program, offering rewards between $100 and $500,000 to encourage security researchers to find potential vulnerabilities. So far, the platform has received 58 reports and paid out $200 in bounties.

Bybit crypto hack

Just weeks before the 1inch exploit, Bybit, one of the largest crypto exchanges, suffered a major hack. 

On 21 February, hackers stole approximately 400,000 Ethereum , valued at around $1.5 billion. This makes it one of the largest thefts in cryptocurrency history.

The attack targeted Bybit’s cold wallet, which is supposed to be more secure than online wallets. Bybit’s CEO, Ben Zhou, confirmed the breach, stating that the stolen funds had been moved to multiple wallets.

Despite this, Zhou assured users that their withdrawals would not be affected and that Bybit remained financially stable. The exchange did not need to recover the stolen funds to continue operations, he added.

However, the attack caused panic among users. Many rushed to withdraw their funds, fearing more security issues. 

On 22 February alone, Bybit processed $2.5 billion in withdrawals, according to data from DeFiLlama. The following day, another $3.26 billion was withdrawn, bringing the total to nearly $6 billion in just 48 hours.

This massive outflow had an impact on Bybit’s total assets. Before the hack, Bybit held $16.9 billion in assets. After the withdrawals, that number dropped to $10.8 billion in record time.

To meet withdrawal demands, analysts believe Bybit may have sold Bitcoin ($BTC) or used it as collateral to acquire Ethereum. 

This theory is based on market movements and on-chain data that suggest shifts in Bybit’s asset reserves.

What this means for the crypto industry?

These two incidents show that security remains a major issue for both DeFi platforms and centralised exchanges.

1inch’s exploit highlights the risks of outdated smart contracts. Even though only older resolver contracts were affected, it raises concerns about the security of smart contracts that are not regularly updated.

For Bybit, the hack shows that even large exchanges with secure storage solutions are not immune to attacks. 

While the company managed to handle the crisis without major disruptions, the sheer scale of the hack is alarming.

The impact of the Bybit hack was also felt in the broader crypto market. Bitcoin’s price dropped sharply, falling to just above $60,000, its lowest level since November. 

This contributed to a $1 trillion market crash, showing how security breaches can shake investor confidence.

In response to these threats, crypto companies are expected to strengthen their security measures. 

Experts believe that more frequent security audits, improved storage solutions, and better risk management strategies will be necessary to protect user funds.