VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
An attacker exploited a smart contract belonging to the 1inch DEX aggregator, stealing $5 million in the USDC stablecoin and wETH. According to the platform, the vulnerability existed in "smart contracts using the obsolete Fusion v1 implementation", and the stolen funds belonged to resolvers (that is, entities that fulfill 1inch orders) rather than users. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 5,000,000.
Sourced from
slowmist
Technical record
- chain
- —
- protocol
- 1inch
- bug_class
- logic
- date_occurred
- 2025-03-05
- loss_usd
- $5,000,000
- source_id
- sm:1inch::2025-03-05
Related — same bug class· logic