defirisk.co
rubric v1.7.0

Protocol-impersonator domain registered (typosquat)

ether.fi's assessment for RD-F-161 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Multiple confirmed impersonator domains documented: claim-ether[.]fi, ciaim-ether[.]fi, ciaim-ether[.]com, ciaim-etherfi[.]com, app-etherpoints[.]fi, ethercoindefi[.]app, ethar[.]fi. Active as of Nov 2025 running ETHFI giveaway phishing campaigns that drain user wallets. PCRisk article updated Nov 19, 2025. Multiple domains span 2+ years of persistent impersonation activity. Delta from most-recently-documented registration to assessment (2026-04-28) is ~160 days — outside the 90-day trigger window for those specific domains but the ongoing ecosystem warrants yellow. New registrations likely ongoing; production WHOIS/DomainTools monitoring required.

Sources #

  • URL
    Fake Ether.fi Website Scam — PCRiskPCRisk fake ether.fi domain documentation: claim-ether[.]fi, ciaim-ether[.]fi, ethar[.]fi, app-etherpoints[.]fi, ethercoindefi[.]app — updated Nov 19, 2025retrieved 2026-04-28

Methodology #

Determine whether a typosquat of the official protocol domain has been registered in the last 90 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ether-fi factor RD-F-161 score yellow collected_at 2026-04-28 13:58:46