$723 000 USD

OCTOBER 2024

GLOBAL

1INCH EXCHANGE

DESCRIPTION OF EVENTS

"One-stop access to decentralized finance" "Optimize your trades across hundreds of DEXes on multiple networks" "A tool for swapping tokens across any network and placing on-chain limit orders securely, at the best rate." "The most powerful mobile app for managing your assets and exploring Web3." "A cutting-edge tracking tool offering accurate, detailed and well-organized crypto portfolio information."

 

"1inch is dedicated to advancing a secure and compliant DeFi ecosystem. By uniting with forefront security and compliance specialists, we set the standard for safety and compliance, ensuring our users navigate the DeFi space with confidence."

 

"A Lottie Player compromise caused a malicious signature request on the 1inch dApp. 1inch smart contracts, Wallet, and APIs were unaffected."

 

"On Oct 30, 9:12 PM - 11:22 PM CET, 1inch dApp users may have encountered a malicious wallet connect and signature request.

 

This signature allows an attacker to drain user's funds.

 

Only the 1inch web dApp was affected; the 1inch Wallet, API, and protocols were never compromised."

 

Lottie Player is a common animation framework, used across dozens of top websites, including big-name, well-known brands. On October 30th, 2024, an upgrade to the plug-in was implemented on 1inch, a widely used decentralized exchange. The upgrade prompted users for additional approvals, and some users granted them. These approvals gave infinite permissions on their wallets and allowed a malicious actor to make off with their funds. One user lost 10 bitcoin. 1inch has suggested that losses would be eligible for refunds and encouraged users to reach out to them.

