inch, a leading decentralized finance (DeFi) aggregator, has rolled out a significantly upgraded bug bounty program, now offering rewards of up to $500,000 for critical vulnerability disclosures. This initiative underscores 1inch’s commitment to robust security and transparency across its ecosystem, especially in the wake of a major security breach earlier in 2025 that resulted in over $5 million in losses.
Scope of the Upgraded Bug Bounty Program
The new initiative covers five key areas of the 1inch platform, each with its own dedicated and clearly defined bug bounty program:
• Smart Contracts: The backbone of 1inch’s DeFi operations, these contracts aggregate liquidity from various decentralized exchanges to provide optimal token swaps. This area offers the highest rewards, with up to $500,000 for critical findings.
• 1inch Wallet: A multi-chain, non-custodial crypto wallet designed for secure and user-friendly DeFi transactions. Bounties here can reach up to $100,000.
• Developer Portal: This Web3 SaaS platform provides APIs and tools for developers. Vulnerabilities reported in this area can earn up to $100,000.
• 1inch dApp: The decentralized application (dApp) interface, which enables users to access deep liquidity and optimal swap rates, offers bounties up to $50,000.
• Infrastructure: Broader platform infrastructure issues, not specific to the above products, are also in scope, with rewards up to $20,000.
Community-Driven Security Approach
1inch’s bug bounty programs are designed with a community-first mindset, encouraging white-hat hackers and security researchers worldwide to participate. Each program features multi-tiered rewards based on the severity and impact of the reported vulnerability, incentivizing responsible disclosure and proactive engagement.
