Before we get going, I should point out right at the onset that Alpaca Finance is an awesome project. Truly remarkable work that differentiates the platform from others in the world of DeFi. Just browse through the official Discord server and you’ll see the exact same sentiment. Unfortunately, hackers have setup a clone site to defraud unsuspecting farmers (yeah, I said farmers – probably not the right term, but y’all should know what I’m talking about).

You really have to be careful out there. Same logos and overall look and feel to the site might give a false sense of security. Vigilance and skepticism is necessary to protect yourself. Here are a few ways you can quickly identify a Fake DeFi clone site:

  1. Look at the domain / url. Sounds simple, but if it’s a project that you frequent, you can easily identify if something is amiss. If you are new to a given project, leverage one of the major crypto token databases like CoinMarketCap.com or CoinGecko.com. You’ll be able to verify key metadata, including the official website:

    As a side note, make sure you review the audits and take note of the official contract addresses.
  2. Look for social engineering efforts that go out of their way to create a sense of security and establish trust. For instance, this fraudulent site states that it’s actually a “regulated company.” Reading on, you can see significant errors in grammar and additional attempts to make you feel comfortable by pointing out how “easy” it is to claim your ALPACA.
  3. Do a Whois lookup on the domain and lookup where it is hosted:

Although most blockchains will provide traceability, such that one can “follow the money,” hackers have found ways to leverage token mixers to mask the final end points of their theft (intentionally not providing a link).

I’m shocked at how brazen the criminals have become. With the administration in the United States focused on finding new ways to tax people (via crypto or car milage fees for instance), the Federal Government may not be in the best position to take these fake sites offline before people lose their crypto assets.

Alpaca Finance DeFi DeFi Fraud hacking Social engineering token mixer