Seasoned developer Justin Bebis, CEO of Byte Masons Web3 development studio, reported that one of the old wallets of 1inch Network (1INCH) addresses is abused by malefactors.
Old Fantom (FTM) wallet of 1inch Network under attack
Bebis has taken to Twitter to inform users that an old address on the Fantom (FTM) network that was previously used by 1inch Network (1INCH) multi-blockchain DeFi protocol, is controlled by malefactors.
‼️It seems that someone deployed a malicious contract to an old @1inch address. Likely computed the address using the Profanity hack. One of our users was affected - please make sure you all revoke approvals if you've ever used their platform on Fantom.https://t.co/Vfb5HaaWkv— bebis ~ Byte Masons | BlockBytes (@0xBebis_) October 14, 2022
The attackers deployed a malicious contract to the address 0x11111112542d85b3ef69ae05771c2dccff4faa26. As such, all DeFi users who interacted with the contract put their money at risk.
Bebis asked all Fantom (FTM) users who had approved transactions with the aforementioned compromised address involved to immediately revoke them.
As of printing time, the address is labeled as an "Exploit" and "Phish/Hack" address by a major Fantom (FTM) network explorer service FTMScan. It is highly likely that the attackers use the same vector as the recent exploit of "Profanity" addresses that made headlines in mid-September 2022.
1inch co-founder Sergej Kunz announces refund program
Back then, attackers exploited the generators of "vanity" (partially human-readable) addresses; they accessed key generation instruments and drained over $3.3 million.
Following Bebis' alert, Sergej Kunz, one of the 1inch Network founders, explained that some users of API endpoints authorized transactions to a Fantom address that, in fact, only existed on the Ethereum (ETH) network (Ethereum and Fantom contracts use the same 0x-like addresses).
Hi! Yes some API users did a mistake and created approvals on Fantom for contract which was only existing on Ethereum. Foundation has a refund program which can be used by request.— Sergej Kunz (@deacix) October 15, 2022
Also, Kunz stated that a refund program had been launched and he had already informed affected users. He also stated that law officers of 1inch are ready to report the attack to the police.