Brand abuse takedowns
Comprehensive surveillance detects any attempt to deceive users by exploiting 1inch’s identity - then takes proactive measures to intervene.
Cutting-edge DeFi security. Institutional-grade data protection. The most-audited smart contracts in the industry.

From scam protection to brand abuse takedowns - we work constantly to shield you from attacks.
Stay informed
With ISO27001 and SOC2 certification, our products and practices meet the highest standards of compliance.
Visit our Trust Centre
Security analysts investigate high-risk activity across chains, connect addresses and flows, and feed verified findings into warnings, blocks, and incident response.
1inch absorbs reputable sanctions and risk blocklists. Updates sync in near real time across all layers and supported chains.
Open-source intelligence and trusted threat signals help pre-flag malicious infrastructure and abuse patterns.
Behavioral analytics highlight suspicious sequences. Risky actions trigger warnings or extra checks before a transaction is signed.
Interactions are screened against internal research and external intelligence. High-confidence hits trigger immediate protective controls, followed by a defined human review to minimize false positives.
All interactions are protected by layered controls: real-time screening (geofencing, VPN detection, device integrity), on-chain analytics and threat profiles, with manual overrides when needed.
We deploy layered strategies to detect and block addresses connected to illicit activity.

1inch infrastructure actively detects and prevents malicious activity, with continuous reviews to ensure ongoing safety.
Transaction scanning. Transactions processed via 1inch applications are scanned to detect fraudulent activity, and the user is alerted automatically.
Domain scanning. When a 1inch user connects to a third-party application, a domain scan is activated, and the user is warned of any potential threat.
Malicious token detection. Token and wallet addresses are checked. Scam tokens masquerading as legitimate ones are instantly detected and flagged to the user.
Every trade runs through built-in checks to prevent losses from slippage, front-running or malicious routing.
Send transactions straight to validators - making sandwich attacks impossible.
Swap orders are handled directly by solvers, not made public on the blockchain.
1inch complies with the highest data security standards.
Up-to-date knowledge is key to effective DeFi security.
When you connect a wallet through a 1inch interface, 1inch performs domain scanning to check whether the connected app's domain is known to be malicious or has been flagged for phishing or scams. Simultaneously, transaction scanning runs in the background: any transaction you initiate via 1inch is automatically checked against fraud/scam signatures or suspicious behavior before you sign it. If something looks dangerous, you're warned or the action is blocked.
1inch maintains layers of screening: token contract and wallet addresses are compared against blocklists, known malicious tokens, and scam-token patterns. There's behavior monitoring (which detects abnormal transaction patterns), automated validation of token metadata, plus live alerts for suspicious token contract addresses. If a token or address appears fraudulent, 1inch flags it or warns the user.
The 1inch Rabbithole is a feature that solves the problem of sandwich attacks by sending swap transactions directly to validators and avoiding putting them into the mempool where sandwich bots can attack them.
No. 1inch smart contracts are non-upgradable by design. That means there are no privileged admin keys that can change core logic after deployment. This reduces risks of internal compromise or misuse, and increases trust, because once deployed the contract's behavior is fixed and auditable.
1inch uses a combination of automated risk management screening, behavior and transaction-pattern analysis, and integration of multiple public and private blocklists. High-risk addresses (hacked, stolen, sanctioned, etc.) are blocked, but 1inch also uses progressive filtering (warnings first, then stricter blocking) so legitimate users are less likely to be affected. Users receive explicit warnings of risk before transactions.
Generally no, your funds are not held by 1inch and are not centrally custodied. Aggregations are routed through your own wallet interacting with external DEXes or smart contracts. If one liquidity pool or protocol in the network is compromised, only funds that have been approved/used in that compromised contract are potentially affected. Because 1inch smart contracts are non-upgradable and audited, and token approvals are limited, the risk is further reduced.