Is 1inch.io a Scam? Security Check Results - 1inch Foundation Reviews

Is 1inch.io Safe? Security Analysis for 1inch Foundation

Check if 1inch.io is a scam or legitimate. Free security scan and reviews.

Finance · Cayman Islands · large
React, Next.js, Cloudflare DNS, Google Analytics, TikTok Pixel, +4 more
Analyzed 9/6/2025 · Completed 1:55:20 AM
67
Security Score
MEDIUM RISK

AI Summary

1inch Network is a prominent decentralized finance (DeFi) platform founded in 2019, offering a comprehensive ecosystem of products including token swapping, wallet services, portfolio tracking, and cross-chain swaps. The platform aggregates liquidity from multiple decentralized exchanges (DEXes) to provide users with optimal rates and secure execution. Positioned as a leading DeFi aggregator, 1inch serves a broad audience of crypto traders, Web3 developers, and DeFi enthusiasts, supported by a strong foundation entity registered in the Cayman Islands. The company maintains active partnerships with major crypto projects and financial institutions, enhancing its market presence and credibility.

Technically, the website leverages modern web technologies such as React and Next.js, hosted behind Cloudflare DNS and CDN services, ensuring fast performance and excellent mobile optimization. The platform integrates multiple analytics and marketing tools including Google Analytics, TikTok Pixel, Facebook Pixel, and LinkedIn Insight Tag, with a clear cookie consent mechanism in place. The website demonstrates good SEO and accessibility practices, contributing to a professional and user-friendly experience.

From a security perspective, 1inch enforces HTTPS, employs clientTransferProhibited domain status, and publishes a security whitepaper outlining its defense strategies. However, DNSSEC is not enabled, and no security.txt or explicit incident response contacts are publicly available, representing areas for improvement. No vulnerabilities or exposed sensitive data were detected in the analysis. Overall, the security posture is strong but could benefit from enhanced DNS security and formalized vulnerability disclosure mechanisms. The overall risk assessment indicates a trustworthy and mature platform with high business credibility and technical sophistication.

Strategic recommendations include enabling DNSSEC, publishing a security.txt file, adding explicit security headers, and providing clear incident response contacts to further strengthen security and compliance. These measures will enhance user trust and align the platform with best practices in the rapidly evolving DeFi landscape.

Detected Technologies

React, Next.js, Cloudflare DNS, Google Analytics, TikTok Pixel, Facebook Pixel, LinkedIn Insight Tag, AdRoll, Twitter Ads

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

1inch Network holds a strong market position as a leading DeFi aggregator and protocol provider, offering a diverse range of services that cater to both end-users and developers. Its business model revolves around providing cost-efficient, secure, and user-friendly DeFi solutions, including token swaps, liquidity aggregation, limit order protocols, and cross-chain interoperability. Revenue streams likely include fees from liquidity provision and partnerships. The platform targets crypto traders, DeFi users, and Web3 developers, supported by a robust ecosystem of partners such as MetaMask, Binance Labs, and Pantera Capital. Growth indicators include a large user base (24.6M+ users), significant total volume ($707B+), and extensive liquidity sources (3.2M+). The company fosters community engagement through DAO governance and ambassador programs, reinforcing its decentralized ethos and market reach.

Extracted Contact Information

Marketing Intelligence Data

Email Addresses (1)

s*****@1inch.io

Security Posture Analysis

Comprehensive Security Assessment

1inch Network exhibits a mature security posture with enforced HTTPS, domain transfer restrictions, and a published security whitepaper. The platform integrates MEV protection and secure execution mechanisms within its protocols. While no critical vulnerabilities or exposed sensitive data were identified, the absence of DNSSEC and a security.txt file limits the transparency and ease of vulnerability reporting. Incident response contact channels are not explicitly provided, which could hinder timely communication during security events. The use of multiple third-party analytics and advertising scripts introduces potential privacy and security considerations, though mitigated by cookie consent mechanisms. Overall, the platform demonstrates strong security practices suitable for a high-profile DeFi service but should enhance formal vulnerability disclosure and DNS security.

Strategic Recommendations

Priority Actions for Security Improvement

1. Enable DNSSEC to improve DNS security and prevent spoofing attacks.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

1inch Foundation

Description:

1inch Network offers a DeFi ecosystem with products like 1inch dApp, Wallet, Developer Portal, Portfolio, and Fusion for secure Web3 operations.

Key Services:
Token swapping, Wallet services, Portfolio tracking, Cross-chain swaps, Liquidity and aggregation protocols
Content Quality:

excellent

Branding:

consistent

Technical Stack

Technologies:
React, Next.js, Cloudflare DNS, Google Analytics, TikTok Pixel, Facebook Pixel, LinkedIn Insight Tag, AdRoll, Twitter Ads
Frameworks:
Next.js
Platforms:
Web, iOS, Android
Performance:

fast

Mobile:

excellent

Accessibility:

good

SEO:

good

Security Assessment

Security Score:
85/100
Best Practices:
  • HTTPS enforced
  • ClientTransferProhibited domain status
  • Security whitepaper published
  • No exposed sensitive data in HTML
  • Use of security-focused protocols

Analytics & Tracking

Services:
Google Analytics, TikTok Analytics, Facebook Analytics, LinkedIn Analytics
Tracking Level: extensive
Privacy Compliance: good

Advertising & Marketing

Ad Networks:
AdRoll, Facebook Ads, TikTok Ads, Twitter Ads, LinkedIn Ads
Tracking Pixels:
Facebook Pixel, TikTok Pixel, LinkedIn Insight Tag, AdRoll Pixel
Marketing Tools:
AdRoll, TikTok Analytics, Facebook Pixel, LinkedIn Insight
Transparency Level: good

Website Quality Assessment

Design Quality: excellent
User Experience: excellent
Content Relevance: excellent
Navigation Clarity: excellent
Professionalism: excellent
Trustworthiness: high

Key Observations

1. Comprehensive DeFi ecosystem with multiple products and protocols

🛡️Security Headers

HTTP security headers analysis and recommendations.

30/100
Score

Missing Strict-Transport-Security header

HIGH

Forces HTTPS connections

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

58/100
Score

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

Privacy policy may not be GDPR compliant

MEDIUM

Privacy policy lacks explicit GDPR compliance elements

GDPR Compliance Analysis

Privacy Policy: 85% confidence
Cookie Policy: 0% confidence
Contact Information Found: 90% confidence (email, phone)

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

43/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

82/100
Score

No DMARC reporting

LOW

DMARC aggregate reports not configured

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

Checks performed:
  • SPF: Sender Policy Framework
  • DKIM: DomainKeys Identified Mail
  • DMARC: Domain-based Message Authentication
  • MX Records: Mail Exchange Records
  • BIMI: Brand Indicators
  • MTA-STS: Mail Transfer Agent Security
  • TLS-RPT: TLS Reporting
  • DNSSEC: DNS Security

SPF Details
Record: v=spf1 include:_spf.google.com ~all
DNS Lookups: 1/10
Policy: ~all

DKIM Selectors Found
Selector: google (1416-bit rsa)
Selector: s1 (1440-bit rsa)

DMARC Details
Policy: reject

🏆SSL/TLS Security

Certificate validity and encryption analysis.

57/100
Score

Weak Protocols Supported

HIGH

Server supports weak protocols: TLSv1.1

Certificate Transparency Not Implemented

LOW

Certificate is not logged in Certificate Transparency logs

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 78 days

Weak SSL Key Length

HIGH

SSL certificate uses 256-bit key, which is considered weak

Partial SSL/TLS Assessment

LOW

Completed 3 of 4 security checks due to time constraints

Protocol Support

TLSv1.3, TLSv1.2, TLSv1.1

OCSP Status

OCSP Stapling Enabled

📊DNS Health

DNS configuration and security assessment.

80/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

Domain Delete Lock Not Enabled

LOW

Domain can be deleted without additional verification

Domain Registration Details

Domain Age: 6 years (mature)
Expiry Risk: low (257 days)
Protection Level: basic (DNSSEC OFF)

DNS Records

A Records: 172.64.148.206, 104.18.39.50
Name Servers:
  • jo.ns.cloudflare.com
  • tony.ns.cloudflare.com
MX Records (priority: host):
  • 1: aspmx.l.google.com
  • 5: alt1.aspmx.l.google.com
  • 5: alt2.aspmx.l.google.com
  • 10: alt3.aspmx.l.google.com
  • 10: alt4.aspmx.l.google.com
SOA: Serial: 2382299623, TTL: 1800s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time: 66ms

SPF Analysis

SPF Record:
v=spf1 include:_spf.google.com ~all

Network Security

Port scanning and network exposure analysis.

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built using modern web technologies including React and Next.js, ensuring a performant and responsive user experience across devices. Hosting and DNS services are provided by Cloudflare, contributing to fast load times and DDoS protection. The site employs multiple analytics and marketing tools, integrating tracking pixels from Google, Facebook, TikTok, LinkedIn, and AdRoll, with a compliant cookie consent banner. The absence of a traditional CMS suggests a custom or proprietary content management approach. SEO and accessibility are well addressed, with comprehensive metadata, Open Graph tags, and structured data enhancing search engine visibility and social media integration. Technical risks are minimal, though the reliance on numerous third-party scripts requires ongoing security vigilance.