- Roles: Control who can do what
- Policies: Enforce rules on transactions and sensitive operations
- Address book: Protect against address poisoning attacks
- Verified assets: Filter out spam tokens and suspicious transactions
Getting started safely
Before creating wallets or processing transactions, set up these foundational security controls.Initial policies
To create these policies, go to
Org > Policies and click New Policy. Select the appropriate activity type and configure approval groups to require at least a 1-out-of-2 quorum.
Initial role setup
Follow the principle of least privilege: give users only the roles they need for their responsibilities. See role templates below for recommended configurations.Policy templates by use case
Treasury management
For internal teams managing company wallets with multi-signature approvals:Exchange/trading operations
For high-volume operations with exchange integrations:When using exchange integrations, withdrawals to DFNS wallets may need to be whitelisted in the exchange’s address book (e.g., Kraken, Coinbase Prime).
B2B payments
For business payments and vendor disbursements:Role templates
Create these roles inSettings > Permissions and assign them to users based on their responsibilities.
Admin
Full organizational control. Assign sparingly. You can useManagedFullAdminAccess for this role. The list of whitelisted actions is maintained by DFNS and contains all permissions.
Approver
Reviews and approves transactions. Cannot initiate them.Operator
Day-to-day transaction operations.Read-only auditor
View-only access for compliance and audit purposes.Service account (automation)
For server-to-server API integrations. See service accounts guide.Using the address book
The address book helps you manage blockchain addresses with human-readable aliases. Beyond convenience, it provides critical protection against address poisoning attacks.Address poisoning protection
In transaction history, the dashboard shows warnings for addresses not in your address book. This protects against “address poisoning” attacks where scammers:- Send tiny transactions from addresses that look nearly identical to legitimate ones (e.g.,
0x1234...5678vs0x1234...5679) - Hope you copy the wrong address when making your next transfer
Address book management
- Use clear naming conventions: Include vendor/partner name, purpose, and network (e.g., “acmecorp-payroll”)
- Add descriptions: Note the business relationship or account purpose
- Review regularly: Remove aliases for addresses no longer in use
- Update promptly: Add new addresses as soon as you establish new business relationships
Address book vs policy whitelisting
These are complementary features:- Address Book: Visual convenience and warnings. Helps you recognize addresses in the UI. Does not block transactions.
- TransactionRecipientWhitelist policy: Enforcement. Blocks transactions to non-whitelisted addresses (or requires approval).
Handling spam and scam tokens
Blockchain addresses can receive unsolicited tokens (airdrops, spam, scam tokens). DFNS provides tools to filter these out.Verified assets and transactions
On each wallet page, use the filtering toggles to focus on legitimate assets: Assets section:- Toggle: “Only show verified assets”
- The “Verified” column indicates which tokens are verified by DFNS
- Toggle: “Only show verified transactions”
- The “Verified” column shows transaction verification status
What “verified” means
- DFNS maintains a list of verified tokens and contracts across supported networks
- Verified: Token is a known legitimate asset
- Not verified: Token is not in DFNS’s verified list (doesn’t necessarily mean malicious, but warrants caution)
Testnet tokens are typically not verified. This is expected behavior.
Incoming transaction screening with Chainalysis
For additional protection, integrate Chainalysis KYT to automatically screen transactions:ChainalysisTransactionPrescreening: Screen outbound transactions before signingChainalysisTransactionScreening: Flag incoming transactions from suspicious addresses
Day-to-day security operations
Reviewing pending approvals
When policies trigger approval requests:- Go to
Activityin the dashboard to see pending approvals - Review the transaction details, including recipient address and amount
- Verify the recipient is in your address book or is otherwise expected
- Approve or reject the request
The person who initiated a transaction cannot approve it themselves (unless
initiatorCanApprove is enabled on the policy).Monitoring transactions
- Check the “Verified” column in transaction history
- Enable webhooks for real-time notifications
- Export transaction history for compliance records (
Wallet > Export)
Regular security hygiene
Next steps
Create policies
Step-by-step policy creation in the dashboard
Manage users and roles
Invite users and assign roles
Use the address book
Create and manage address aliases
Chainalysis integration
Set up AML/KYT transaction screening