Protocol-impersonator domain registered (typosquat)

Venus Protocol's assessment for RD-F-161 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Venus has confirmed active phishing ecosystem targeting its users. September 2025 Lazarus attack used fake Zoom client ($13.5M targeted, recovered). Venus X account published formal Phishing Post-Incident Analysis (2026). SlowMist documented the attack as Lazarus-class social engineering. The breadth of the phishing apparatus implies brand impersonation infrastructure. No confirmed specific typosquat domain name confirmed from OSINT searches (WHOIS requires DomainTools API — structural gap). Venus is a top-3 BSC DeFi brand by TVL; brand impersonation probability is elevated. Scored yellow: documented phishing ecosystem, no confirmed active typosquat domain registration within 90 days from public OSINT sources.

Sources #

URL
SlowMist — In-Depth Analysis of $13M Venus User Hack (social engineering)https://slowmist.medium.com/slowmist-in-depth-analysis-of-the-13-million-venus-user-hack-13f35287a743retrieved 2026-04-28
URL
Venus Protocol X — Phishing Post-Incident Analysis (2026)https://x.com/VenusProtocol/status/1963251755543839227retrieved 2026-04-28

Methodology #

Determine whether a typosquat of the official protocol domain has been registered in the last 90 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol venus factor RD-F-161 score yellow collected_at 2026-04-28 18:30:49