← 1inch3 decisions on this page

Audit log

Every state-changing event for 1inch: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-27 17:32:31Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 422,548,218
sig
EudYcrkJy4cp…P4rHaC5Jexplorer ↗
hash
GRPtGV9oZnDt…HrtZFP1esha256 → base58
verifying row…full verify ↗
canonical bytes (8129 B) ▸
{"actor":"system:backfill","investigation_id":"a4cc3a16-a934-40c9-8117-a05d45a1f6fd","kind":"publish","page_slug":"1inch","published_at":"2026-05-27T17:32:31.836Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"1inch","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.1inch.com/meet-1inch-team-sergej-kunz/","type":"other","url":""},{"credibility":3,"name":"https://blog.1inch.com/meet-1inch-team-anton-bukov-co-founder-and-cto/","type":"other","url":""},{"credibility":3,"name":"https://www.globenewswire.com/news-release/2024/09/18/2947963/0/en/1inch-Announces-Fusion-Upgrade-Enabling-Secure-Decentralized-Cross-Chain-Swaps-for-Web3-Users.html","type":"other","url":""},{"credibility":3,"name":"https://1inch.com/about","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://beincrypto.com/1inch-website-hacked-in-supply-chain-attack/","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/crypto-app-sites-malicious-popups-after-ace-drainer-hacks-animation-library","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/326012/1inch-foundation-proposes-user-compensation-plan","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/1inch-web-app-compromised-losses-to-be-reimbursed/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.1inch.com/1inch-security-and-deterrent-measures/","type":"other","url":""},{"credibility":3,"name":"https://www.binance.com/en/square/post/12-12-2024-1inch-addresses-security-breach-and-enhances-safety-measures-17445097637841","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-1inch-hack-march-2025","type":"other","url":""},{"credibility":3,"name":"https://olympixai.medium.com/the-1inch-fusion-v1-exploit-how-a-calldata-corruption-vulnerability-drained-5-million-d5667c83fc2a","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/1inch-loses-5m-hack-fusion-v1-smart-contract","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/1inch-hacker-returns-stolen-funds-defi-security/","type":"other","url":""},{"credibility":3,"name":"https://coinchapter.com/1inch-hacker-returns-5m-after-negotiation-keeps-a-bug-bounty/","type":"other","url":""},{"credibility":3,"name":"https://www.bitdegree.org/crypto/news/1inch-loses-5-million-in-crypto-theftuser-funds-remain-safe","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.theblock.co/post/400332/1inch-trustedvolumes-exploit","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/defi/1inch-resolver-trustedvolumes-drained-for-usd6-7m-on-ethereum","type":"other","url":""},{"credibility":3,"name":"https://coinpedia.org/news/1inch-liquidity-provider-trusted-volumes-exploited-for-5-87-million/","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/trustedvolumes-loses-nearly-6m-in-fresh-1inch-linked-exploit/","type":"other","url":""},{"credibility":3,"name":"https://bitcoinfoundation.org/news/crimes-and-fraud-news/1inch-provider-hacked/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.molfar.institute/en/1inch-fss-crypto-en/","type":"other","url":""},{"credibility":3,"name":"https://molfar.com/en/blog/1inch-fss-crypto","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://bestdapps.com/blogs/news/a-deepdive-into-1inch-network","type":"other","url":""},{"credibility":3,"name":"https://tokeninsight.com/en/coins/1inch/tokenomics","type":"other","url":""},{"credibility":3,"name":"https://tokenomist.ai/1inch","type":"other","url":""},{"credibility":3,"name":"https://www.ainvest.com/news/1inch-team-buys-11-81-million-1inch-tokens-valued-3-3-million-2507/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.ccn.com/analysis/crypto/1inch-price-prediction/","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/343583/cow-swap-surges-to-26-market-share-challenging-1inch-for-dex-aggregator-dominance","type":"other","url":""},{"credibility":3,"name":"https://messari.io/report/state-of-1inch-q2-2025","type":"other","url":""},{"credibility":3,"name":"https://messari.io/report/state-of-1inch-q3-2025","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/sec-is-killing-innovation-in-united-states-1inch-co-founder","type":"other","url":""},{"credibility":3,"name":"https://www.trmlabs.com/resources/case-studies/1inch-network-identifies-hundreds-of-high-risk-addresses","type":"other","url":""},{"credibility":3,"name":"https://1inch.com/about","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.pcrisk.com/removal-guides/33033-1inch-reward-scam","type":"other","url":""},{"credibility":3,"name":"https://www.pcrisk.com/removal-guides/32977-1inch-airdrop-scam","type":"other","url":""},{"credibility":3,"name":"https://www.enigmasoftware.com/1inchrewardscam-removal/","type":"other","url":""}]}],"sources_used":[],"summary":"1inch is a decentralized exchange (DEX) aggregator and liquidity protocol founded in 2019 by Sergej Kunz and Anton Bukov, operating across Ethereum and multiple EVM-compatible chains. The platform has experienced a series of security incidents between late 2024 and mid-2025, including a front-end supply chain attack, a private key compromise, a $5 million Fusion v1 resolver exploit, and a separate $5.87 million attack on a partner resolver — raising questions about operational security and smart contract lifecycle management. Additional concerns include alleged connections between co-founder Anton Bukov and the Russian FSS Academy, governance centralization risks, and sustained token value erosion since the 2021 peak.","timeline":[{"date":"2019-05-01","event":"Sergej Kunz and Anton Bukov prototype the 1inch DEX aggregator at the New York ETHGlobal hackathon.","source":""},{"date":"2020-08-01","event":"1inch protocol launches publicly as a DEX aggregator routing trades across multiple decentralized exchanges.","source":""},{"date":"2020-12-01","event":"1INCH governance token distributed via retroactive airdrop; one wallet allegedly received tokens then valued at ~$22.7 million according to Molfar Intelligence.","source":""},{"date":"2024-09-18","event":"1inch announces Fusion+, an intent-based cross-chain atomic swap system enabling trustless cross-chain swaps without bridges.","source":""},{"date":"2024-10-30","event":"1inch front-end compromised in Lottie Player supply chain attack; 'Ace Drainer' malicious popups served to users. 1inch Foundation later proposes $768,026 USDC reimbursement.","source":""},{"date":"2024-12-09","event":"Private key of the 1inch Labs Resolver smart contract owner compromised; attacker alters contract settings and transfers funds. 1inch revokes access and announces enhanced security measures.","source":""},{"date":"2025-03-05","event":"Attacker exploits buffer overflow in deprecated Fusion v1 Settlement contract, stealing approximately $5 million (2.4M USDC + 1,276 WETH) from resolvers still using legacy contracts.","source":""},{"date":"2025-03-06","event":"1inch and the affected resolver negotiate with the attacker on-chain; majority of stolen funds returned by ~4:12 AM, with attacker retaining ~$450,000 as a bug bounty (~10%).","source":""},{"date":"2025-05-07","event":"TrustedVolumes, a 1inch resolver and liquidity provider, exploited for approximately $5.87 million via a flaw in its custom RFQ proxy server; attributed to the same attacker as the March 2025 Fusion v1 hack.","source":""}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 6366e627-3030-460d-95b7-ccdfee4c6349
#2reviewby reviewerreviewer
2026-06-14 23:15:54Z
Score: 38 → 38 (no score change)
Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. 1inch is a well-established, legitimate DeFi DEX aggregator launched in 2019, with 60%+ EVM DEX aggregator market share, 15+ security audits from top-tier firms (OpenZeppelin, ConsenSys, ABDK), and no evidence of fraud or self-dealing. The four incidents the page cites as driving the WARNING score are all either suffered by the entity or attributable to third-party failures: (1) the October 2024 Lottie Player frontend attack was a supply-chain compromise of a third-party npm library affecting the UI only; (2) the December 2024 private key incident affected a 1inch Labs resolver key but not user funds; (3) the March 2025 Fusion v1 exploit targeted a contract deprecated since 2023 being run by a third-party resolver, with ~90% of $5M recovered; (4) the TrustedVolumes incident — misdated by the page as 'May 2025' when it actually occurred May 7, 2026 — was explicitly disavowed by 1inch as a third-party resolver breach with zero impact on 1inch systems or user funds. The FSS Academy claim about co-founder Anton Bukov is an educational credential from 2011, not actionable evidence of misconduct. Under the AVOID.NET band semantics, a legitimate operator with material but largely third-party-caused caveats (deprecated-contract ecosystem risk, supply-chain frontend exposure) and an active security program belongs in CAUTIONARY (50-69), not WARNING. A score of 62 reflects these material but non-fraudulent caveats while correctly distinguishing a victim/bystander from a perpetrator.
anchoranchored
chain
●mainnet-betaslot 426,514,404
sig
5d8CahNCguuK…oA97druTexplorer ↗
hash
9ghn8LCPfX4S…cSmiucdksha256 → base58
verifying row…full verify ↗
canonical bytes (1980 B) ▸
{"actor":"reviewer","decided_at":"2026-06-14T23:15:54.866Z","decision":"review","investigation_id":"a4cc3a16-a934-40c9-8117-a05d45a1f6fd","new_score":38,"page_slug":"1inch","prev_score":38,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. 1inch is a well-established, legitimate DeFi DEX aggregator launched in 2019, with 60%+ EVM DEX aggregator market share, 15+ security audits from top-tier firms (OpenZeppelin, ConsenSys, ABDK), and no evidence of fraud or self-dealing. The four incidents the page cites as driving the WARNING score are all either suffered by the entity or attributable to third-party failures: (1) the October 2024 Lottie Player frontend attack was a supply-chain compromise of a third-party npm library affecting the UI only; (2) the December 2024 private key incident affected a 1inch Labs resolver key but not user funds; (3) the March 2025 Fusion v1 exploit targeted a contract deprecated since 2023 being run by a third-party resolver, with ~90% of $5M recovered; (4) the TrustedVolumes incident — misdated by the page as 'May 2025' when it actually occurred May 7, 2026 — was explicitly disavowed by 1inch as a third-party resolver breach with zero impact on 1inch systems or user funds. The FSS Academy claim about co-founder Anton Bukov is an educational credential from 2011, not actionable evidence of misconduct. Under the AVOID.NET band semantics, a legitimate operator with material but largely third-party-caused caveats (deprecated-contract ecosystem risk, supply-chain frontend exposure) and an active security program belongs in CAUTIONARY (50-69), not WARNING. A score of 62 reflects these material but non-fraudulent caveats while correctly distinguishing a victim/bystander from a perpetrator.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision ae290fa4-52d4-4e29-ac00-f4876961280e
#3review approveby judgejudge
2026-06-14 23:15:54Z
Score: 38 → 62 (+24)
All six claim findings (claim_findings[0] through claim_findings[5]) are fully supported with 0% disputed. The review establishes that 1inch is a legitimate, non-custodial DEX aggregator with 60%+ EVM market share and 15+ top-tier security audits. Every incident driving the current WARNING score (38) is attributable to third-party supply-chain compromise, deprecated contracts operated by independent resolvers, or partner-side breaches explicitly disavowed by 1inch — none involve 1inch fraud or self-dealing. The current score miscategorizes a victim/bystander as a perpetrator; the reviewer-recommended score of 62 (CAUTIONARY) correctly reflects material but non-fraudulent operational caveats. Score is adjusted upward by +24 to reach the recommended CAUTIONARY band. Page content stands as accurate and published status is unchanged.
anchoranchored
chain
●mainnet-betaslot 426,514,410
sig
SPvr4zbyXTQd…MYU3d5YEexplorer ↗
hash
H4R8G5sYnHNR…vLKPmuVpsha256 → base58
verifying row…full verify ↗
canonical bytes (1188 B) ▸
{"actor":"judge","decided_at":"2026-06-14T23:15:54.866Z","decision":"review_approve","investigation_id":"a4cc3a16-a934-40c9-8117-a05d45a1f6fd","new_score":62,"page_slug":"1inch","prev_score":38,"reason":"All six claim findings (claim_findings[0] through claim_findings[5]) are fully supported with 0% disputed. The review establishes that 1inch is a legitimate, non-custodial DEX aggregator with 60%+ EVM market share and 15+ top-tier security audits. Every incident driving the current WARNING score (38) is attributable to third-party supply-chain compromise, deprecated contracts operated by independent resolvers, or partner-side breaches explicitly disavowed by 1inch — none involve 1inch fraud or self-dealing. The current score miscategorizes a victim/bystander as a perpetrator; the reviewer-recommended score of 62 (CAUTIONARY) correctly reflects material but non-fraudulent operational caveats. Score is adjusted upward by +24 to reach the recommended CAUTIONARY band. Page content stands as accurate and published status is unchanged.","score_delta":24,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 8a82c269-911f-4674-ae31-743dff31483d

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.