1inch Davos conference: Top security measures and risks in DeFi inside out

Here’s another post in our series of highlights from Shaping Tomorrow’s Financial Landscape Through DeFi - the conference 1inch held at the World Economic Forum Annual Meeting in Davos on January 23.

Orest Gavryliak, 1inch’s Chief Legal Officer, delivered a keynote address: “Top security measures and risks in DeFi inside out.”

He focused on several of the most common security risks in the DeFi space, including smart contract exploits, market manipulation, wallet exploitation, supply chain attacks and anonymity abuse. 

Orest stressed the role that security plays for 1inch. “At 1inch, we always have security as a commitment built on layers of protection and collaborative defence,” he said. “Security is the backbone of all 1inch products.”

“We try to go to as many hubs as possible,” Orest noted. 

“Even if there are a hundred hubs between 1inch and a sanctioned wallet address, we always try to identify it and blacklist it.”

He elaborated further on 1inch security measures:

“We create internal product developments inside 1inch that actually help with blacklisting and smart contract interaction to protect users from manipulations.” Orest explained that one of the main problems of AML tools available in the space is that they may raise false positives or be bypassed. “We’re always improving front and back ends so that users who interact with 1inch cannot rewrite code and bypass AML tools,” he said. 

On wallet screening, Orest mentioned that 1inch is creating a super database of all blacklisted addresses in collaboration with several partners. He added that blacklisting also functions within 1inch APIs used by various other projects. 

“If we block a wallet centrally at 1inch’s backend, this blacklisting activity also prevents a Coinbase Wallet user, for instance, from interacting with the blacklisted wallet, because they're using our API,” he said. “So, by being active in the wallet screening space, we actually help DeFi in general to be more secure.” 

“We have user-centric security features, such as dApp scanning, malicious token detection, transaction simulation, validation for 1inch Wallet to identify risk before you're signing something,” Orest went on to say. “We have geo-fencing and VPN detection. So basically, we are geo-fencing all the sanctioned countries that might be accessing 1inch products and we don’t let them use our website. We have VPN analytics that analyze all the VPN use that's accessing 1inch and trying to prevent an illicit use of that, mainly because of our strategy of not giving bad actors or hidden IP data actors access.”

According to Orest, 1inch is currently working on another security feature, device fingerprinting, which could be adopted by banks and other institutions. “We are basically creating a user profile in the backend,” he explained. “We work with companies like Innerworks to integrate SDKs for data extraction”.

To close, Orest provided some overall recommendations for DeFi security.

“Always do your regular audit [of] smart contracts,” he said. “It's actually the main strength of 1inch. We’ve done tens of security audits with many prominent security providers in the space. And this is what helped 1inch to [become] one of the most secure platforms in the space.”

He also mentioned implementing layered security measures, advanced transaction simulation tools and robust AML/CTF compliance frameworks as major security measures.

“AML/CTF compliance frameworks is something that no one tells you [about],” he said. “We have no rules. We have no playbooks of DeFi. There is just enforcement. But you should be proactive. You should build-up yourself. We have a permission space for AML/CTF frameworks with the chief compliance officer, Hedi, that's working like a bank sometimes, without even having traditional compliance books or frameworks in place.”

Orest’s final recommendation was collaboration with various kinds of partners and law enforcement agencies. He brought up an example of a commendation that 1inch recently received from the U.S. government on helping it to prevent some illicit activity in the U.S. Treasury. 

“This is one of the recent nice achievements so far,” he concluded.

Explore the Web3 space with 1inch!