According to Decurity's post-mortem report, after 1inch negotiated with the hackers, most of the $5 million stolen by the attack has been returned, and the hackers kept part of it as a bug bounty. The attack originated from a vulnerability in the Fusion v1 smart contract, which mainly affected the use of outdated versions of the parser. Ordinary user funds were not affected. According to a previous report by Odaily, 1inch discovered a vulnerability in the Fusion v1 smart contract on March 5, which hackers exploited to steal funds. 1inch has called on relevant parsers to immediately audit and update the contract to prevent similar incidents from happening again.