Social-media impersonation scam spike
Chainlink CCIP's assessment for RD-F-109 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Persistent and confirmed brand impersonation activity. (1) Official Chainlink Discord compromised 2024-09-03: phishing link posted; community warned via Twitter; never officially acknowledged by Chainlink; total victim losses unknown but wallet-drain mechanism confirmed active. (2) chnlink[.]xyz: confirmed active fake Chainlink site operating as cryptocurrency drainer (PCRisk documented; serving IP 104.21.96.1). (3) register-chain[.]link: confirmed fake airdrop mimicking Chainlink (PCRisk). (4) dashboard-chain[.]xyz: confirmed fake Chainlink site. (5) Fake CCIP bridge scam resulting in $520K LINK loss documented (Binance Square). (6) ChainLink phishing technique using trusted service chains documented by BleepingComputer and SecurityQuotient. Score: yellow — ongoing elevated impersonation activity; one confirmed Discord compromise incident; no spike uniquely targeting CCIP as a pre-strike reconnaissance pattern. Persistent structural threat.
Sources #
- URLChainLink Official Discord Phishing LinksChainlink Discord phishing 2024-09-03 — official Discord compromised; phishing link posted; wallet drainer risk activeretrieved 2026-05-16
- Fake Chainlink Website Scam — PCRiskPCRisk: chnlink[.]xyz — confirmed fake Chainlink wallet drainer siteretrieved 2026-05-16
- ChainLink Phishing: How Trusted Domains Become Threat VectorsBleepingComputer: ChainLink Phishing — exploitation of trusted infrastructure chains for credential harvestingretrieved 2026-05-16
Methodology #
Detect a sharp uptick in Discord/Telegram/X accounts impersonating the protocol team or announcing fake airdrops.
See the full factor methodology and distribution across all protocols →