The pirates take up areas of hundreds of deceased “zombies” projects of user deception holding and stealing their crypto with portfolio drainage code.
It is according to Coins Respect, a crypto security company, which published its conclusions in a blog article on Wednesday.
“By reusing the brand image and the original reputation of the project, attackers can encourage users to report malware,” said Coins Respect.
The attackers take care of the abandoned DEFI protocol areas which remain linked from deemed DEFI data platforms, such as Defillama and Dappradar, as well as information sites. The two companies have removed problematic links.
They then insert the malicious code and modify the site to encourage visitors to sign onchain transactions designed to empty the crypto from their wallets.
“Unlike typical phishing campaigns, DAPP Zombie attacks do not need to use unsolicited messages or social engineering to attract victims,” said Coins Respect, referring to decentralized applications on a blockchain.
“Users can be channeled naturally from legitimate and long -standing sources.”
Until now, the company has identified more than 100 cases of reused web domains designed to steal the crypto of without distrust users.
As the DEFI industry increases and more projects launched and closed, the problem should become more serious.
The report occurs while industry is experiencing its worst year for cryptographic flights at the back of the hacking of $ 1.4 billion in crypto exchange in February.
Digital thugs are at the rate of stealing more on the cryptography services than ever this year, said the Safety Society of Crypto Chainalysis in its report of updating the crime of cryptography in the middle of the year in 2025.
When the developers launch DEFI protocols, they generally pay to record the web domain through which the majority of users access it for a defined period of time.
When this period ends and the owners do not renew it, often because the project has stopped or disappeared, the bad actors can plunge and record the domain themselves.
A spokesperson for Coins Respect said DL News It is difficult to produce a reliable total for the quantity of stolen attackers using this method because they regularly turn the address to which the stolen crypto is directed.
“The reports and the blocking list of these areas as soon as they were put directly have considerably limited the number of victims,” said the spokesperson.
An example highlighted by Coins Respect is Astar Exchange, a DEFI exchange on the blockchain of the Astar network, which once held $ 3.5 million in investor deposits.
The project has been inactive since February of last year and its field expired on April 25.
On July 3, his domain was re -registered. Shortly after the new owner deployed a false version of the site with a stop notice. The page encouraged users to withdraw any marked funds by connecting their portfolios.
