1inch dApp Security Issue Resolved: What Users Need to Know
Imagine this: you’re on the 1inch decentralized app (dApp) platform, feeling good about your crypto trades, and then out of nowhere, a hacker sneaks in to take advantage
For some 1inch users, this scary scene became real on October 30th, 2024, between 9:12 PM and 11:22 PM CET.
During this short time, users who connected their wallets to the 1inch dApp could have received a dangerous request.
Quick Fix After Wallet Risk—What Happened and How to Stay Safe
This request, if signed, could give hackers control over the user’s funds. While this sounds frightening, there’s good news ahead.
The issue came from a glitch in a tool called “Lottie Player,” which shows animations on the 1inch web dApp. Unfortunately, the attacker found a way to sneak into this animation tool and use it to send a fake signature request to users. It’s like putting a wolf in sheep’s clothing. The signature request seemed harmless but allowed hackers to drain funds from any connected wallet.
On Oct 30, 9:12 PM – 11:22 PM CET, 1inch dApp users may have encountered a malicious wallet connect and signature request.
This signature allows an attacker to drain user’s funds.
Only the 1inch web dApp was affected; the 1inch Wallet, API, and protocols were never compromised.
— 1inch (@1inch) October 31, 2024
What Parts of 1inch Were Safe?
Not all parts of 1inch were affected by this glitch. Here’s what stayed safe:
- 1inch Wallet: If you use the 1inch Wallet app , rest easy! It was never at risk.
- 1inch API: The APIs, which allow different software to work together, were safe and untouched.
- 1inch Protocols: The key smart contracts, or the “brains” behind 1inch, were never compromised.
This problem only affected users accessing 1inch through their web browser on the main dApp site, so if you stayed on the 1inch Wallet app, you dodged this one by a mile.
What Happened Next?
Thankfully, 1inch’s security team jumped on the issue quickly. As soon as they realized there was trouble, they fixed it within hours. They ensured that the dApp no longer had the compromised Lottie Player tool. So if you’re wondering if this issue is still hanging around, rest assured it’s long gone. The team is working hard to protect against this type of attack in the future, too.
The issue is resolved.
A Lottie Player compromise caused a malicious signature request on the 1inch dApp. 1inch smart contracts, Wallet, and APIs were unaffected.
More details: https://t.co/mRR8dNm0Su
Confirmed losses are subject to refunds. For help, contact [email protected] .
— 1inch (@1inch) October 31, 2024
How Can You Stay Safe?
The takeaway here? Think twice before approving any unexpected requests when using a dApp! Here are a few tips to stay out of hot water:
- Double-check signatures: If you see a wallet connection or signature request that you weren’t expecting, don’t just hit “approve.” Take a second to check if it makes sense.
- Stay updated: Watch for security updates from platforms you use. 1inch, for example, shares information on their blog and social media.
- Stick to trusted apps: Whenever possible, use the official 1inch Wallet app instead of connecting through a browser, since apps are usually safer.
Disclaimer
The information discussed by Altcoin Buzz is not financial advice. This is for educational, entertainment, and informational purposes only. Any information or strategies are thoughts and opinions relevant to the accepted risk tolerance levels of the writer/reviewers and their risk tolerance may be different than yours. We are not responsible for any losses that you may incur as a result of any investments directly or indirectly related to the information provided. Bitcoin and other cryptocurrencies are high-risk investments so please do your due diligence. Copyright Altcoin Buzz Pte Ltd.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Uniswap founder: The killer use case for cryptocurrency is transferring value