1inch promptly responds to an unauthorized access incident

1inch swiftly addressed an incident where an attack compromised the 1inch resolver smart contract.

On December 9, 2024, we discovered a security breach in which an attacker fraudulently obtained access to a private key belonging to the owner of 1inch Labs resolver smart contract. Using this access, the attacker changed the contract’s settings and transferred funds from the 1inch resolver. 

Our team acted swiftly to address the situation. They revoked the compromised access and enhanced our security to prevent future occurrences.

User funds are safe since our protocols are non-custodial. 1inch applications and infrastructure were not affected and remain fully secure.

What happened?

The incident began when an attacker obtained unauthorized access to a private key belonging to the owner of 1inch Labs resolver smart contract. The attacker initiated the breach by deploying malicious contracts on Ethereum and later expanded their activities to other chains.

Our response

Immediately upon detecting the breach, the 1inch team took the following actions:

• Revoked compromised keys to prevent further unauthorized access.
• Transitioned to multisig wallet requiring multiple signatures, where possible.
• Conducted a thorough audit of all deployed contracts.
• Collaborated with the broader DeFi community to identify and flag the attacker’s wallets.

These initiatives effectively closed the vulnerability, halted further exploitation and reinforced our systems against future incidents.

Future steps

The recent incident highlights the ever-evolving nature of cyber threats and the critical importance of robust security practices, particularly in decentralized finance (DeFi). We remain committed to learning from this incident and continually strengthening our security. Moving forward, we are implementing the following measures:

• Private key management: Robust protocols, including multisig wallets and hardware wallets, to minimize reliance on single points of failure.
• Real-time monitoring: Advanced anomaly detection systems to identify threats as they occur, ensuring early detection and mitigation.
• Cross-chain security: Regular audits and consistent security practices across chains to address risks in interconnected, multi-chain operations.

Further actions

To address the recent incident and strengthen safety and security in the 1inch ecosystem and Web3 space in general, we’re offering several financial incentives.

1. A reward for information leading to the hacker's identification

We are offering a $250,000 reward to anyone providing substantial, verifiable information leading to the identification and prosecution of the individual(s) responsible for the theft of funds from the 1inch resolver smart contract. The reward will be paid upon confirmation of the information's role in the identification of the perpetrator(s).

2. A reward for return of the stolen funds

We are offering a reward of the same size, $250,000, to the hacker if they voluntarily return the stolen funds to 1inch within five days, with no legal consequences or prosecution. The funds must be verified as returned in full, and 1inch will not pursue legal action, provided the conditions are met.

3. Bug bounty program 

We’d like to remind the community of our ongoing bug bounty program aimed to reward individuals who identify and report vulnerabilities in our platform to improve the security and integrity of 1inch’s systems.