DeFi Llama warns against malicious link spoofing its service

Source Cryptopolitan

DeFi Llama is the latest victim of a spoofing link. The data service warns against using top links from Google, as malicious activity has been noticed. 

DeFi Llama warned against using Google to search for Llama Swap. The search yielded an advertising site as the top sponsored result, which remained live for more than two hours.

The website is not the native DEX on DeFi Llama, and will instead contain malicious links. The site has been reported to Google, but remained live for a while after DeFi Llama’s signal. The DeFi Llama Swap contracts have not been compromised, and there are no additional risk to users.

https://twitter.com/DefiLlama/status/1856288177608159679 

DeFi Llama Swap aims to be a zero-fee service, seeking the most efficient route among multiple aggregators. The swap service is targeting Ethereum and L2 tokens, and is not compatible with Solana wallets. DeFi Llama itself is a passive data service that does not require a wallet connection. 

Even with a malicious link, some wallets should warn about the discrepancy through internal checks, and prevent any transactions or permissions. Using sponsored content on Google is a relatively old way to serve fake links and attempt to drain wallets. 

Google ads have targeted crypto projects, especially during bull runs when mainstream enthusiasm for crypto is rising. The ad arrived after a slight uptick in ‘DeFi’ search terms on Google. 

The Defi Llama Swap spoof site was identical to the original, with the exception of the URL. The faked site was flagged for suspicious activity, but contains no malware. The risk comes from the voluntary decision of the user to connect a wallet and attempt a swap. 

DeFi Llama notified of a spoof link, which showed a suspicious URL.
DeFi Llama notified of a spoof link, which showed a suspicious URL. | Source: URL Analysis

DeFi Llama advises to reach the URL from its main data service page, and then make sure it is the same tab and connection. Similar search results remain a risk for other DEX and services. Any unofficial links requiring a wallet connection have the potential to send out transactions and drain wallets. As long as the user does not sign approvals or issue transactions, the link itself was not dangerous.

Phishing link scams accelerate, become more sophisticated

In addition to social media or chats, malicious calls to sign a transaction have also come from Lottie Player, a Wordpress tool for animations and popups. Other recent reports reveal wallets may be attacked by malware posing as a Zoom link. Similar links have been posted for MetaMask and other often-used crypto services. 

Phishing scams are a relatively minor part of overall crypto losses. However, they are some of the most damaging, as they attack personal holdings and wealth. In October, scams and project attacks accelerated, to more than 46 events based on Certik’s reporting. Phishing scams are an additional risk of loss, and may affect both end users and platforms. 

Estimates put phishing scams at around $20M in October, extending the trend in the new month. This type of scam was happening the most often. The attempts to drain wallets reawakened in September, after a few slow months. 

Targeting personal wallets is happening during NFT and meme token booms, where multiple crypto events may require a wallet connection. The hackers make use of lowered attention and hide behind legitimate services or spoofed links. On social media, malicious links are also contained in promises for fund recovery, often attempting to ask for a wallet’s private keys.

On-chain data shows up to 493 ETH stolen in September, the highest level for 14 weeks in a row. Scams are not happening regularly, and may hinge on campaigns and clustered attempts. Usually, a handful of wallets will spawn an attack in a short time frame. Similar to malicious links, poisoned addresses are also targeted operations, working fast within days to hit as many victims as possible. 

More than 90% of phishing scam victims are users of the Ethereum network. Most wallet attacks are phishing, with under 10% linked to poisoned addresses.

Disclaimer: For information purposes only. Past performance is not indicative of future results.
placeholder
Nvidia stock sinks 4% as Trump’s tariff plans rattle AI tradeNvidia shares fell over 4% early Monday after US President Donald Trump delivered a stern message about trade tariffs. Trump said on Sunday that no country would be given any special treatment regarding tariffs. He also signed new trade policies into effect on April 2, which he calls “Liberation Day.” This frightened investors, who had […]
Author  NewsBTC
Apr 01, Tue
Nvidia shares fell over 4% early Monday after US President Donald Trump delivered a stern message about trade tariffs. Trump said on Sunday that no country would be given any special treatment regarding tariffs. He also signed new trade policies into effect on April 2, which he calls “Liberation Day.” This frightened investors, who had […]
placeholder
Bitcoin Price Bounces Back—Can It Finally Break Resistance?Bitcoin price started a recovery wave above the $83,500 zone. BTC is now consolidating and might struggle to settle above the $85,500 zone. Bitcoin started a decent recovery wave above the $83,500
Author  NewsBTC
Yesterday 03: 37
Bitcoin price started a recovery wave above the $83,500 zone. BTC is now consolidating and might struggle to settle above the $85,500 zone. Bitcoin started a decent recovery wave above the $83,500
placeholder
Bitcoin Price Struggling but Short-Term Holders Might Be Setting the Stage for $150KBitcoin has recently displayed signs of upward momentum, trading at $85,215, marking a 2.2% increase in just the past day. Despite this short-term gain, the asset remains down by over 21.2% from its
Author  NewsBTC
22 hours ago
Bitcoin has recently displayed signs of upward momentum, trading at $85,215, marking a 2.2% increase in just the past day. Despite this short-term gain, the asset remains down by over 21.2% from its
placeholder
U.S. March Nonfarm Payroll Preview: Even If Data Aligns with Expectations, Financial Markets May Not Escape the Fate of VolatilityOn 4 April 2025, the United States will release its March Nonfarm Payrolls (NFP) data. The market consensus currently anticipates job growth of 128,000, a decline from February’s 151,000 (Figure 1). W
Author  TradingKey
22 hours ago
On 4 April 2025, the United States will release its March Nonfarm Payrolls (NFP) data. The market consensus currently anticipates job growth of 128,000, a decline from February’s 151,000 (Figure 1). W
placeholder
Gold price stabilizes ahead of Trump's tariffs announcement on “Liberation Day”Gold price (XAU/USD) stabilizes just above $3,130 at the time of writing on Wednesday following a mean reversal move the prior day after a fresh all-time high got eked out at $3,149 before closing in negative territory.
Author  FXStreet
21 hours ago
Gold price (XAU/USD) stabilizes just above $3,130 at the time of writing on Wednesday following a mean reversal move the prior day after a fresh all-time high got eked out at $3,149 before closing in negative territory.
goTop
quote