Social-media impersonation scam spike

Frax Finance's assessment for RD-F-109 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Social-media impersonation is an elevated threat surface for Frax Finance. Confirmed incidents: (1) 2024-06-01 X/Twitter @fraxfinance account hacked — CEO Sam Kazemian suspected insider involvement at X; account used to post content impersonating team (account takeover, not DPRK). (2) Active fake GitHub Pages sites (financefrax.github.io, web-frax-finance.github.io) found in 2026-05-17 search results — confirmed active impersonation surfaces. (3) 2023-11 DNS hijack of frax.finance created a malicious clone site (frontend impersonation). Recurring impersonation pattern across multiple vectors (X, DNS, GitHub Pages). No acute spike event occurring in real-time today, but confirmed historical pattern and active fake sites score yellow. This is a documented recurring threat surface.

Sources #

URL
Fake Frax Finance GitHub Pages impersonation siteFake GitHub Pages: financefrax.github.io and web-frax-finance.github.io active as Frax impersonation sitesretrieved 2026-05-17
URL
crypto.news — Frax Finance X hack June 20242024-06-01 X hack alternative attribution: serial scammer rather than X insiderretrieved 2026-05-17

Methodology #

Detect a sharp uptick in Discord/Telegram/X accounts impersonating the protocol team or announcing fake airdrops.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol frax factor RD-F-109 score yellow collected_at 2026-05-16 20:44:31