Stay safe in DeFi with 1inch
This week, we took a deep dive into DeFi security together with our partners. Here’s a concise summary of the key insights.
DeFi opens the door to sending value without barriers, reaching global markets and taking full control of your assets. But none of that works without adequate security.
How to avoid threats in DeFi
At 1inch, security isn’t a “nice-to-have” feature. It’s the core of the way we work and the products we build. That’s why we collaborate closely with leading security teams, constantly strengthening our defenses and staying ahead of new threats.
We’ve teamed up with PhishFort to create a comprehensive guide on how to stay safe in DeFi, covering all angles: from phishing campaigns to malicious infrastructure. Check out the full guide here.
Security in the AI age
These days, security in DeFi is not limited to avoiding fake apps or social media scams. For projects to protect their users, it is also vital to be able to handle AI, which is now a core tool for both builders and attackers.
Recently, Alexandra Gulamova and Igor Gulamov from Savant.Chat, a security firm focused on AI-powered audits, joined 1inch’s Chief Information Officer Ilya Naryzhnyy to discuss how AI is reshaping both attacks and defenses, and why continuous auditing is becoming the new standard in DeFi.
The main conclusion from that talk is that combining AI-powered pre-audits with real-time CI/CD is the most promising strategy. Every commit is scanned within minutes, vulnerabilities are flagged before code reaches production, and AI helps optimize the traditional audit process. Instead of replacing human auditors, AI strengthens them by filtering issues, accelerating reviews and allowing 1inch to work even more efficiently with multiple independent security firms.
But this isn’t just about automation. Attackers are already using advanced AI models to find mathematical flaws, boundary errors and complex economic weaknesses in smart contracts. The only way to stay ahead is to fight AI with AI.
Check out the full conversation on our LinkedIn account.
A fake Zoom update and OpSec
Still, someone can believe they are doing everything they need to stay safe in DeFi, and then one day what seems to be an innocent Zoom update could cost them millions of dollars.
That is what happened to “David,” an experienced developer and long-time crypto user whose cold wallet was compromised after installing what appeared to be a routine software update. The attack was later linked to DPRK-associated actors.
His case, highlighted by another 1inch partner, zeroShadow, illustrates how even technically skilled users, following what they believe to be strong security practices, can be exposed through targeted supply-chain-style attacks.
David’s advice for avoiding situations like this is simple: practice strong personal operational security (OpSec). You can read the full details of his case here.
For more on DeFi security, subscribe to our newsletter!