Protocol-impersonator domain registered (typosquat)
Balancer (v2 + v3)'s assessment for RD-F-161 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Protocol-impersonator domain registered (typosquat) | Applicable: Yes — high-impersonation-risk post-exploit | Official domains: balancer.fi, app.balancer.fi, docs.balancer.fi. Confirmed scam domains: balancer-fi.website (ScamAdviser flagged as likely scam). Post-November 2025 exploit phishing campaigns active immediately with fake white-hat bounty offers. September 2023 DNS attack exploited the .fi TLD registrar directly (EuroDNS social engineering — app.balancer.fi redirected to Angel Drainer contract). Common typosquat variants in scope: balancer-fi.io, balancer-finance.xyz, balancerprotocol.com, bal-finance.io, app-balancer.fi. The 90-day registration window encompasses the post-exploit period (Nov 2025) and the post-Labs-wind-down period (March 2026) — both historically the highest brand-impersonation risk periods. No dedicated domain monitoring baseline established for this assessment. Registration delta assessment: balancer-fi.website is a confirmed active scam domain — cannot c
Sources #
- URLhttps://cointelegraph.com/news/balancer-social-engineering-attack-dns-provider-frontend-hijackretrieved 2026-05-05
- https://medium.com/balancer-protocol/dns-security-incident-post-mortem-1b1feb735acaretrieved 2026-05-05
- https://www.scamadviser.com/check-website/balancer-fi.websiteretrieved 2026-05-05
Methodology #
Determine whether a typosquat of the official protocol domain has been registered in the last 90 days.
See the full factor methodology and distribution across all protocols →