Skip to main content
All Collections1inch Wallet
1inch DeFi Wallet - Scam Protection
1inch DeFi Wallet - Scam Protection

Everything you need to know about the 1inch DeFi Wallet scam protection feature

Matt avatar
Written by Matt
Updated over 4 months ago

To enhance your safety and security, the 1inch DeFi Wallet includes a scam protection feature. This tool helps detect and prevent potential scams and malicious activities during your transactions and interactions with external decentralized applications (dApps).


How It Works

dApp Check in Browser

When you attempt to open a website or connect to a dApp using the web3 browser within our mobile wallet, we perform the following check:

  • Domain Scan: We scan the domain you are trying to access. If the domain is identified as malicious, we display an alert screen. This screen provides details on detected threats associated with that domain.

  • Proceeding: If the domain is safe, you can tap "I got it" and proceed to the website or dApp without any warnings.

Dapp Check in WalletConnect (WC)

When connecting to a dApp via WalletConnect, we ensure the safety of the connection:

  • Domain Verification: Similar to the browser check, we scan the domain of the dApp. If it's flagged as malicious, an alert appears on the connection confirmation screen.

  • Proceeding: You have the option to proceed with the connection by holding down a button to confirm. If the domain is safe, the connection proceeds as usual.

Additionally, every time you view details of an existing WalletConnect connection, we re-check the connected dApp for any potential threats.

Transactions Validation & Simulation

Before you finalize any transaction through WalletConnect or the web3 browser, we validate the transaction:

Validation Results: Based on our checks, transactions are classified into one of three categories:

  • Benign: Safe transactions that you can confidently sign.

  • Warning: Transactions that may pose risks to your security; sign at your own risk.

  • Malicious: Highly risky transactions that we recommend you DO NOT SIGN.

    Benign



    Warning


Malicious

  • Transaction Simulation: For transparency, you will see a simulation of what will occur in your wallet if you proceed with the transaction. This simulation is displayed under the 'Estimated results' tab.

  • Proceeding: If you choose to proceed with a malicious or warning transaction, you must confirm by holding a button. Safe transactions proceed without additional warnings.

Self-reporting

If you interact with a dApp or transaction that you feel is malicious, and the 1inch scam protection does not classify it, you can also manually report it. This will be forwarded to the 1inch security team for review.

Scam Classification

We categorize threats detected during domain checks into the following categories to help you understand the potential risks:

Domain Threats

  • Signature misuse: Detected dApp attempts to execute raw user signatures, potentially for malicious purposes.

  • Token approval misuse: Detected dApp attempts to misuse token approval requests.

  • Malicious approval requests: Detected dApp attempts to execute potentially malicious approval requests.

  • Malicious token transfer: Detected dApp attempts to initiate potentially malicious token transfer transactions.

  • Unapproved transfer: Detected dApp attempts to execute malicious transfer transactions.

  • Native currency theft attempt: Detected dApp attempts to steal native currency.

  • Seaport exploitation: Detected dApp attempts to exploit OpenSea's seaport orders to steal assets from its users.

  • Blur order exploitation: Detected dApp attempts to exploit Blur orders to steal assets from its users.

  • Permit signature exploitation: Detected dApp attempts to obtain Permit signatures from users to approve assets on behalf of an attacker.

  • Recovery phrase theft attempt: Detected dApp attempts to steal users’ recovery phrases to gain access to wallets.

  • Malicious network interaction: Detected dApp attempts to make a network request to a malicious entity.

  • Malicious software: Detected dApp attempts to use malicious software.

  • Malicious activity: Detected dApp attempts to engage in potentially malicious activity.

Transaction Threats

  • Malicious address: A known malicious address is involved.

  • Gas draining attack: Wasting the user's address's gas to generate tokens for a scammer.

  • Proxy upgrade attack: The contract's implementation address might be changed to a malicious one.

  • User error: Possible transfer to an incorrect address, like a contract address.

  • Empty address: Approving or transferring assets to an empty address with no transaction history.

  • Untrusted address: Approving or transferring assets to an untrusted address.

  • Unfair exchange: Potential scam risk with more tokens sent than received, indicating an unfair exchange.

  • Wallet drainer contract alert: Interacting with a contract that exhibits wallet drainer indicators.

  • Asset loss: Risk of asset loss without compensation.

  • Overpriced token mint: Minting a new token at a significantly higher price than the required onchain price.

  • Unverified contract: Interacting with an unverified contract.

  • Unsafe activity: Risk detected. Review details carefully before proceeding.


Questions, comments, concerns?

Feel free to reach out to us in the live support chat!

Did this answer your question?