Hack: $4.5M Stolen from 1Inch Market Maker

Heads up for the 1Inch community: one of their market makers, Trusted Volumes, has been hit by a cyberattack, resulting in a loss of $4.5M. The good news is that 1Inch’s DEX aggregator was quick to spot some unusual activity. These suspicious outflows were contained to a specific area of the protocol, meaning trading remained smooth and unaffected for the majority of users.
It turns out Trusted Volumes, a market maker for 1Inch, wasn’t the only one affected. Unfortunately, a few smaller market makers also lost funds in this attack, around $0.5M in total.
Pinpointing the precise amount stolen is a bit tricky because some of the stolen funds were in Wrapped Ether (WETH), which, as you know, has a price that goes up and down. However, blockchain security firm SlowMist has crunched the numbers and estimates the total loss to be around $5 million, with approximately $2.4 million of that in USDC. In fact, a hefty 2 million USDC chunk was moved in a single transaction, then split and sent to two different addresses.
According to our analysis, this incident resulted in a loss of 2.4 million $USDC and 1276 $WETH, totaling over $5 million.
— SlowMist (@SlowMist_Team) March 7, 2025
Digging deeper, SlowMist identified the specific 1Inch settlement contract as ground zero for the exploit. This contract was essentially the point of vulnerability, allowing the hacker to siphon funds from multiple market makers.
Resolver Smart Contract: The Weak Link Used to Drain Market Maker Funds
According to on-chain analyst Chaofan Shou, the culprit was indeed the resolver smart contract. This contract was the link between 1Inch and the market makers’ trading bots. Interestingly, during the attack, it seems the hacker slipped up, and white hat hackers tried to intervene and recover some funds. In a twist, the attacker even mistakenly sent some funds back to 1Inch!
The good news is that this vulnerability was specific to the older Fusion V1 version of the contract, which is now outdated. 1Inch currently uses a more secure, updated version. However, they maintained the older resolver for some ecosystem participants who were still using it. Following this incident, 1Inch has highlighted their bug bounty program, offering hefty rewards – up to $500,000 – for anyone who can find and report critical vulnerabilities.
1Inch has reassured everyone that all market makers are now using the patched settlement contract, eliminating the vulnerability. On-chain detectives have revealed the attacker’s method: they exploited a loophole that allowed them to connect to the market maker bots and directly withdraw funds, instead of using them for legitimate settlements on the 1Inch platform.
Essentially, the hacker was able to create fake requests, making it appear as if they were coming from the official 1Inch contract. These fake requests tricked the market makers’ trading bots into sending funds directly to the attacker’s wallet.
1inch market maker @trustedvolumes got hacked for over $4.5M and a few smaller MMs got hacked for $0.5M yesterday.
The root cause is that 1inch calls MM contract’s resolveOrders function to get funds to its settlement contract. Most bots only checked the msg.sender = settlement… pic.twitter.com/kSnkP5jpiH
— Friedrice (svm/acc) (@shoucccc) March 7, 2025
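A simplified Python model of the check described above, added here as an illustration and not taken from 1Inch or any market maker's code: `CallerOnlyBot` authorizes on `msg.sender` alone, while `OrderBoundBot` shows one assumed hardening that also ties each request to a quote the bot issued itself. All class, function and address names are hypothetical, and how a request came to arrive through the settlement contract is not modelled.

```python
from collections import namedtuple

SETTLEMENT, ATTACKER = "0xSettlement", "0xAttacker"  # constructed placeholders
Request = namedtuple("Request", "order_id token amount recipient")

class Rejected(Exception):
    """Raised when a bot refuses a request."""

class CallerOnlyBot:
    """Pays out whatever a call from the settlement address asks for."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def authorize(self, msg_sender, req):
        if msg_sender != SETTLEMENT:  # the only check the quoted post mentions
            raise Rejected("caller is not the settlement contract")

    def resolve_orders(self, msg_sender, req):
        self.authorize(msg_sender, req)
        if self.balances.get(req.token, 0) < req.amount:
            raise Rejected("insufficient balance")
        self.balances[req.token] -= req.amount  # funds leave for req.recipient

class OrderBoundBot(CallerOnlyBot):
    """Assumed hardening: the request must also match a quote the bot issued."""
    def __init__(self, balances, quotes):
        super().__init__(balances)
        self.quotes = dict(quotes)  # order_id -> (token, max_amount)

    def authorize(self, msg_sender, req):
        super().authorize(msg_sender, req)
        token, max_amount = self.quotes.get(req.order_id, (None, 0))
        if (req.token, req.recipient) != (token, SETTLEMENT) or req.amount > max_amount:
            raise Rejected("request does not match a quote this bot issued")

def paid(bot, req):
    """Deliver req with msg.sender == SETTLEMENT; True if the bot paid out."""
    try:
        bot.resolve_orders(SETTLEMENT, req)
    except Rejected:
        return False
    return True

def demo():
    """Same constructed request against both bots: (caller-only, order-bound)."""
    forged = Request("forged", "USDC", 2_000_000, ATTACKER)  # constructed sample
    quotes = {"q-1": ("USDC", 1_000)}
    return (paid(CallerOnlyBot({"USDC": 2_400_000}), forged),
            paid(OrderBoundBot({"USDC": 2_400_000}, quotes), forged))
```

The caller check passes in both bots; only the second one notices that the order, amount and recipient were never something it agreed to.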
Following the incident, 1Inch promptly alerted all market makers still using resolver contracts to upgrade to the latest version. Reassuringly, no further suspicious fund movements have been detected. Importantly for everyday users, this exploit did not require any action from your side and did not impact personal wallets.
This recent attack, targeting a widely used smart contract, serves as a reminder that security in Web3 remains a critical concern, even for top-tier protocols like 1Inch. Despite 1Inch’s strong 94.41% security score from Certik and its reputation as highly secure, vulnerabilities can still emerge.
It’s worth noting that even with Certik’s monitoring, not all of 1Inch’s code has undergone full verification and auditing. Currently, around 39% of the project’s code, consisting of three contracts, has been verified. Interestingly, 1Inch itself isn’t a major holder of funds, with only $4.35M in Total Value Locked (TVL).
The 1Inch DEX aggregator operates across seven different blockchains, with Ethereum being the most popular. The protocol has seen a dip in fee generation after a peak in late 2024, currently generating around $170K in weekly fees. Despite this slight slowdown, 1Inch remains a go-to platform, especially for smaller Ethereum traders, maintaining a solid base of 549,000 monthly active users.
Hack News Has Little Impact on 1Inch Token Price
The news of the hack didn’t seem to rattle the 1Inch token price, which held steady around $0.23, close to its three-month low. This stability likely reflects the broader market trend of reduced demand, even for tokens associated with prominent protocols.
Since the 2021 bull run, 1Inch’s user base has shifted towards smaller players. The majority of trades are now under $1,000, and median trade sizes have decreased across all supported chains.
In essence, 1Inch has evolved from a platform dominated by whales and early adopters to one that primarily caters to a consistent user base conducting low-value swaps, sometimes even under $10.