DeFi Llama warns against malicious link spoofing its service

Source Cryptopolitan

DeFi Llama is the latest victim of a spoofing link. The data service warns against using top links from Google, as malicious activity has been noticed. 

DeFi Llama warned against using Google to search for Llama Swap. The search yielded an advertising site as the top sponsored result, which remained live for more than two hours.

The website is not the native DEX on DeFi Llama, and will instead contain malicious links. The site has been reported to Google, but remained live for a while after DeFi Llama’s signal. The DeFi Llama Swap contracts have not been compromised, and there are no additional risk to users.

https://twitter.com/DefiLlama/status/1856288177608159679 

DeFi Llama Swap aims to be a zero-fee service, seeking the most efficient route among multiple aggregators. The swap service is targeting Ethereum and L2 tokens, and is not compatible with Solana wallets. DeFi Llama itself is a passive data service that does not require a wallet connection. 

Even with a malicious link, some wallets should warn about the discrepancy through internal checks, and prevent any transactions or permissions. Using sponsored content on Google is a relatively old way to serve fake links and attempt to drain wallets. 

Google ads have targeted crypto projects, especially during bull runs when mainstream enthusiasm for crypto is rising. The ad arrived after a slight uptick in ‘DeFi’ search terms on Google. 

The Defi Llama Swap spoof site was identical to the original, with the exception of the URL. The faked site was flagged for suspicious activity, but contains no malware. The risk comes from the voluntary decision of the user to connect a wallet and attempt a swap. 

DeFi Llama notified of a spoof link, which showed a suspicious URL.
DeFi Llama notified of a spoof link, which showed a suspicious URL. | Source: URL Analysis

DeFi Llama advises to reach the URL from its main data service page, and then make sure it is the same tab and connection. Similar search results remain a risk for other DEX and services. Any unofficial links requiring a wallet connection have the potential to send out transactions and drain wallets. As long as the user does not sign approvals or issue transactions, the link itself was not dangerous.

Phishing link scams accelerate, become more sophisticated

In addition to social media or chats, malicious calls to sign a transaction have also come from Lottie Player, a Wordpress tool for animations and popups. Other recent reports reveal wallets may be attacked by malware posing as a Zoom link. Similar links have been posted for MetaMask and other often-used crypto services. 

Phishing scams are a relatively minor part of overall crypto losses. However, they are some of the most damaging, as they attack personal holdings and wealth. In October, scams and project attacks accelerated, to more than 46 events based on Certik’s reporting. Phishing scams are an additional risk of loss, and may affect both end users and platforms. 

Estimates put phishing scams at around $20M in October, extending the trend in the new month. This type of scam was happening the most often. The attempts to drain wallets reawakened in September, after a few slow months. 

Targeting personal wallets is happening during NFT and meme token booms, where multiple crypto events may require a wallet connection. The hackers make use of lowered attention and hide behind legitimate services or spoofed links. On social media, malicious links are also contained in promises for fund recovery, often attempting to ask for a wallet’s private keys.

On-chain data shows up to 493 ETH stolen in September, the highest level for 14 weeks in a row. Scams are not happening regularly, and may hinge on campaigns and clustered attempts. Usually, a handful of wallets will spawn an attack in a short time frame. Similar to malicious links, poisoned addresses are also targeted operations, working fast within days to hit as many victims as possible. 

More than 90% of phishing scam victims are users of the Ethereum network. Most wallet attacks are phishing, with under 10% linked to poisoned addresses.

Disclaimer: For information purposes only. Past performance is not indicative of future results.
placeholder
What Crypto Whales are Buying For May 2025Crypto whales are making bold moves heading into May 2025, and three tokens are standing out: Ethereum (ETH), Artificial Superintelligence Alliance (FET), and Onyxcoin (XCN).
Author  Beincrypto
Apr 21, Mon
Crypto whales are making bold moves heading into May 2025, and three tokens are standing out: Ethereum (ETH), Artificial Superintelligence Alliance (FET), and Onyxcoin (XCN).
placeholder
Gold price snaps selling off after fresh Trump comments on tariffsGold price (XAU/USD) is turning positive, recovering above the $$3,300 level at the time of writing on Thursday after two days of firm selling pressure since it topped at $3,500 on Tuesday.
Author  FXStreet
Apr 24, Thu
Gold price (XAU/USD) is turning positive, recovering above the $$3,300 level at the time of writing on Thursday after two days of firm selling pressure since it topped at $3,500 on Tuesday.
placeholder
Gold price surges past $3,300 on trade jitters, yield slump reviving haven demandGold price snapped two days of losses on Thursday and rose $50, or more than 1.50%, amid renewed concerns about the US-China trade war.
Author  FXStreet
Yesterday 03: 51
Gold price snapped two days of losses on Thursday and rose $50, or more than 1.50%, amid renewed concerns about the US-China trade war.
placeholder
Gold price consolidates in a range; bulls have the upper hand while above $3,300Gold price (XAU/USD) struggles to capitalize on the previous day's move higher and oscillates in a narrow trading band during the Asian session on Friday amid mixed fundamental cues.
Author  FXStreet
Yesterday 03: 53
Gold price (XAU/USD) struggles to capitalize on the previous day's move higher and oscillates in a narrow trading band during the Asian session on Friday amid mixed fundamental cues.
placeholder
Gold edges down amid clash over status of US-China trade talksGold price is on the back foot on Friday, almost erasing all of Thursday’s gains, and looks set to close off this week in the red.
Author  FXStreet
20 hours ago
Gold price is on the back foot on Friday, almost erasing all of Thursday’s gains, and looks set to close off this week in the red.
goTop
quote