DAO Vote Underway for 1inch User Reimbursement Following Supply Chain Attack

The 1inch Foundation has submitted proposal 1IP-80 to its decentralized autonomous organization, seeking approval for a $768,026 USDC compensation plan for users affected by an October 2024 exploit. Decrypt reports that the proposal outlines reimbursement equal to the estimated value of stolen tokens at the time of the attack, sourced from the DAO treasury. The vote currently stands at 53.47% in favor versus 46.53% against, with 30 total votes submitted.
The October 30 attack compromised the 1inch decentralized application through a supply chain vulnerability in the Lottie Player library. Wiz confirmed that attackers injected malicious code into versions 2.0.5, 2.0.6, and 2.0.7 of the animation library, which caused affected websites to prompt visitors to connect their Web3 wallets. BeInCrypto noted that the breach originated from compromised access tokens belonging to library maintainers, affecting multiple platforms beyond 1inch.
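For teams checking their own exposure, the following added example (not code from 1inch, Wiz, or the Lottie Player project) scans a parsed npm lockfile for the three affected versions named above. It assumes the npm package name is `@lottiefiles/lottie-player`; the sample lockfile is constructed for illustration.

```javascript
// Added example: flag lockfile entries that resolve to the Lottie Player
// releases named in the article (2.0.5, 2.0.6, 2.0.7).
const PACKAGE_NAME = "@lottiefiles/lottie-player"; // assumed npm package name
const AFFECTED_VERSIONS = new Set(["2.0.5", "2.0.6", "2.0.7"]);

// lockfileVersion 2/3: flat "packages" map keyed by install path.
function scanPackagesMap(packages, findings) {
  const suffix = "node_modules/" + PACKAGE_NAME;
  for (const [path, meta] of Object.entries(packages || {})) {
    const named = meta && meta.name === PACKAGE_NAME; // aliased installs
    const atPath = path === suffix || path.endsWith("/" + suffix);
    if ((atPath || named) && meta && AFFECTED_VERSIONS.has(meta.version)) {
      findings.push({ path, version: meta.version });
    }
  }
}

// lockfileVersion 1: nested "dependencies" tree keyed by package name.
function scanDependencyTree(deps, trail, findings) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = trail.concat(name).join(" > ");
    if (name === PACKAGE_NAME && meta && AFFECTED_VERSIONS.has(meta.version)) {
      findings.push({ path, version: meta.version });
    }
    scanDependencyTree((meta || {}).dependencies, trail.concat(name), findings);
  }
}

// Returns every direct or transitive install pinned to an affected version.
function findAffectedLottie(lockfile) {
  const findings = [];
  if (lockfile.packages) scanPackagesMap(lockfile.packages, findings);
  else scanDependencyTree(lockfile.dependencies, [], findings);
  return findings;
}

// Constructed sample lockfile (not taken from any real project).
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-dapp", version: "1.0.0" },
    "node_modules/@lottiefiles/lottie-player": { version: "2.0.4" },
    "node_modules/widget/node_modules/@lottiefiles/lottie-player": { version: "2.0.6" },
    "node_modules/lit": { version: "2.8.0" },
  },
};

console.log(findAffectedLottie(SAMPLE_LOCKFILE));
```

A lockfile scan only covers installed dependencies; pages that load the library from a CDN with an unpinned or "latest" URL need a separate check of their script tags.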
Under the Foundation's proposal, victims must complete Know Your Customer verification, provide evidence of losses, file law enforcement reports, and sign compensation agreements. The proposal requires victims to waive rights to future recovered funds, which would return to the DAO treasury instead.
Supply Chain Attacks Target DeFi Platforms
The 1inch exploit represents part of a broader trend affecting the cryptocurrency ecosystem. Cyble documented that supply chain attacks increased 25% from October 2024 to May 2025, averaging over 16 incidents monthly. The firm tracked 79 cyberattacks with supply chain implications in the first five months of 2025, with 63% directly targeting IT, technology, and telecommunications sectors.
The Lottie Player compromise affected approximately 400 websites according to Blockaid, which detected the malicious payload as a version of the Ace Drainer service. The attack exploited compromised npm automation tokens to bypass two-factor authentication controls, demonstrating how trusted development tools become attack vectors.
This incident follows 1inch's March 2025 security breach, where hackers stole $5 million from outdated Fusion v1 resolver contracts. Halborn explained that attackers exploited a buffer overflow vulnerability in the settlement function, though most funds were recovered through negotiations with the hacker.
DAO Compensation Mechanisms Face Challenges
The 1inch compensation vote highlights ongoing debates about DAO treasury usage for user reimbursement. Investopedia explains that DAOs often maintain treasuries housing tokens that can be issued in exchange for fiat, with members voting on fund allocation decisions. The proposal requires a simple majority for approval, with voting remaining open until June 22.
One large wallet holding 3.3 million votes opposes the measure, arguing that the DAO should not function as an insurance fund due to lack of recurring revenue. Another wallet controls 2.2 million of the 3.8 million favorable votes, demonstrating how token concentration can influence DAO governance outcomes.
The compensation mechanism differs significantly from traditional financial institutions, where deposit insurance and regulatory frameworks typically protect users. DAOs operate without central authorities, making victim compensation dependent on community consensus and treasury availability rather than mandated protections.
Broader Industry Security Implications
The 1inch case reflects escalating cybersecurity challenges across decentralized finance platforms. Help Net Security reports that adversaries increasingly use generative AI to create convincing phishing attacks targeting procurement processes and vendor communications, with 97% of supply chain leaders already using some form of AI.
Hardware-level threats and compromised firmware are resurging in critical infrastructure environments, while real-time visibility powered by IoT telemetry and blockchain-based traceability becomes essential for global supplier networks. Gartner predicts that 45% of organizations worldwide will experience supply chain attacks by 2025, representing a three-fold increase from 2021.
Traditional financial institutions face different exposure levels, as they typically maintain centralized security controls and regulatory oversight. However, the interconnected nature of modern financial systems means that DeFi vulnerabilities can potentially impact broader market stability through institutional exposure to digital assets.
The incident also reflects a global trend toward more sophisticated attack methods, where threat actors target widely used development tools rather than individual platforms. This approach allows single exploits to affect multiple organizations simultaneously, maximizing potential returns while minimizing detection risks.