Protocol-impersonator domain registered (typosquat)

Compound V3 (Comet)'s assessment for RD-F-161 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

compoond.finance typosquat registered ~Mar 7, 2026 (49 days before 2026-04-27 assessment — within 90-day window). Used to redirect compound.finance traffic. Resolved. Previous incident Jul 2024. Two confirmed impersonation incidents in 21 months.

Detail #

compoond.finance was registered approximately March 7, 2026 (WHOIS referenced in coinspectator.com/2026/03/08 article). The domain was used to redirect compound.finance traffic for a brief window, confirmed as an active phishing redirect. Source: Protos 2026-03-08 ('DeFi Lending Platform Compound Finance Hijacked Again'), coinspectator.com 2026-03-08, comp.xyz SSP security update thread 7675. The domain redirect was resolved via credential rotation. The prior incident (Jul 2024) involved Squarespace domain migration vulnerability — different attack method but same surface. Both incidents are within 21-month window. Domain is 49 days old at assessment date — within the 90-day detection window per RD-F-161 definition.

Sources #

URL
https://protos.com/defi-lending-platform-compound-finance-hijacked-againretrieved 2026-04-27
Governance
https://www.comp.xyz/t/7675retrieved 2026-04-27
URL
https://coinspectator.com/2026/03/08retrieved 2026-04-27

Methodology #

Determine whether a typosquat of the official protocol domain has been registered in the last 90 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol compound-v3 factor RD-F-161 score yellow collected_at 2026-04-28 00:20:50