According to official news from ChainCatcher, 1inch stated that on December 9, 2024, its team discovered a security vulnerability, where an attacker fraudulently gained access to the private key belonging to the owner of the 1inch Labs parser smart contract. The attacker used this access to change the contract settings and transfer funds from the 1inch parser.

The team quickly took action to address the situation, revoked the stolen access, and enhanced the protocol's security to prevent such incidents from happening again in the future. Since the 1inch protocol is non-custodial, user funds remain secure. The 1inch application and infrastructure were unaffected and remain completely secure.