Protocol-impersonator domain registered (typosquat)
Multipli's assessment for RD-F-161 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Confirmed active impersonation domain: mainnet-multipli.fi documented as a crypto-drainer site mimicking Multipli (multipli.fi) by PCRisk (April 24, 2025) and MalwareGuide (April 25, 2025). The fake site promotes a wallet-drainer contract that activates upon wallet connection. Per taxonomy definition (domain registered within last 90 days of assessment): mainnet-multipli.fi was first documented ~388 days before assessment (May 17, 2026) — outside the strict 90-day window. However the active impersonation ecosystem poses ongoing brand risk and user-harm risk. Profile §11 references multipli-fi.net as an additional potential scam site; this domain was NOT confirmed by public OSINT searches — only mainnet-multipli.fi has documented evidence as of assessment date. Score: yellow (domain outside 90-day registration window but active and documented; ongoing risk).
Sources #
- URLPCRisk — Multipli $MULTI Registration Scam (mainnet-multipli.fi)PCRisk documented mainnet-multipli.fi crypto drainer April 24 2025; domain mimics multipli.fi; wallet drainer confirmedretrieved 2026-05-17
- MalwareGuide — Multipli $MULTI Registration ScamMalwareGuide confirmed mainnet-multipli.fi April 25 2025; mimics Multipli platform multipli.fi; wallet drainerretrieved 2026-05-17
Methodology #
Determine whether a typosquat of the official protocol domain has been registered in the last 90 days.
See the full factor methodology and distribution across all protocols →