A co-founder who holds 50% of a protocol's equity cannot be fired. Unless the governance contract has a backdoor.
Anton Bukov, 1inch co-founder and former protocol architecture lead, announced he was fired. The same day, he launched Second Tier, an infrastructure startup. The official 1inch channels remain silent. The market shrugs. But the smart contract architect in me sees a different story: this is not a resignation. It is a bug in the organizational smart contract.
Code is law, but bugs are the human exception. And this bug has both on-chain and off-chain implications.
Context: The 1inch Machine
1inch is a DEX aggregator. It routes trades across Uniswap, Curve, and others to find the best price. Bukov was not just any co-founder. He led the protocol architecture and security—the same person who designed the contract library that handles billions in volume. His fingerprints are on every critical Solidity line.
Second Tier is a blank canvas. An infrastructure startup with zero code, zero team, zero token. Only a name and a founder's tweet. In a bull market, that is enough to attract VC interest. But my forensic code skepticism kicks in: where is the repo?
Core: The Technical Risk of a Single-Person Security Model
Based on my audit experience, a project's security is only as good as its core contributor's availability. In 2017, during the 0x protocol deep dive, I isolated three integer overflow vulnerabilities in their exchange contract. The team fixed them. But the reliance on one lead auditor was a bottleneck. When that lead moved on, the attack surface grew.
Bukov was 1inch's security backbone. He personally audited the router contracts, the permissionless lists, the fee logic. Without him, the protocol's response time to zero-day exploits increases. The GitHub commit graph will tell the truth—if the velocity drops by more than 30% in the next quarter, that is a signal.
But the deeper issue is governance. Bukov claims he holds 50% of the shares and is still a co-founder. Yet he was fired. In a smart contract, this would be a reentrancy bug: the contract allows the owner to be removed while still holding admin keys. Here, the corporate structure mirrors a flawed multi-sig. The majority owner cannot be ejected without triggering a state change. Unless the ejection is illegal. Unless the 'termination' is a legal construct, not a technical one.
The ledger remembers what the wallet forgets. The 50% shareholding is on the cap table. The firing is on the HR document. These two truths conflict. Until a formal verification of the employment agreement is released, the uncertainty is a vulnerability.
Second Tier's promise of 'infrastructure' is vague. During the Curve liquidity audit in 2020, I found a precision loss in their amp coefficient calculation. Mathematical elegance did not guarantee security. Second Tier's white paper—if it ever arrives—must be treated as a hypothesis, not a roadmap. Until there is code, there is no truth.
Contrarian: The Bull Case for the Split
The market sees this as a negative for 1inch. I see a potential positive—if the governance is cleaned up. 1inch now has a clearer leadership structure. Bukov may have been a bottleneck. His departure could accelerate development by forcing the remaining team to decentralize knowledge. Second Tier could also become a partner, not a competitor. Infrastructure projects often complement aggregation. The real risk is if Second Tier builds a direct aggregator competitor—but that would require years of liquidity bootstrapping.
The contrarian angle: the firing might be a strategic alignment. Bukov might be taking a new initiative outside the 1inch brand to avoid regulatory scrutiny. Holders of 1INCH should not panic. They should monitor the commit graph.
Takeaway: Watch the Code, Not the Tweets
In crypto, credibility is measured in deployed contracts. Second Tier has zero. 1inch has a track record. The question is whether the departure of a key architect will degrade that record. I will be running static analysis on 1inch's next upgrade. If the test coverage drops, so will my trust.
The ledger remembers what the wallet forgets. But only if the code is audited.
Trust, verify, then trust again. That is the only safe pattern.