Decentralized finance yield farming platform Yearn Finance has a doppelganger that is tricking visitors into sharing the private keys of their cryptocurrency wallets.
The scam website of Yearn Finance perfectly copies almost every aspect of the original yearn.finance website down to its design, website copy and even domain name. The scammers behind the website chose the domain name “yaerm.finance,” making it look extremely similar to “yearn.finace.”
They have also promoted their landing page for the search keyword “yearn finance” so it shows up on top of the search results when people search for the actual real website.
Once a user clicks the ad, it directs them to the yaerm.finance page that looks exactly like Yearn Finance’s official website. However, after scrolling down from the first window that appears, one finds that the website contains a strange guide to "seven easy hairstyles."
Similar to the original website, the scam website also has six different options in the first window. These include Dashboard, Vaults, Earn, Zap, Cover and Stats.
Irrespective of what option a user clicks, it directs them to a page that prompts users to connect their wallets.
When users try to connect their wallets, the scam site presents a list of crypto wallets they may choose from. Then, it shows a pop up that asks the users to share the private key or passphrase.
Doppelganger scams are relatively common in the crypto space. Another website is posing as Trust Wallet to cheat crypto users.
Crypto India wrote on Twitter that scammers have been sending Binance Coin (BNB) dust — a very small fraction of a cryptocurrency that cannot be exchanged or transacted — to random cryptocurrency wallets. Each of these transactions had a memo that notified users that they had won 30 or 50 BNB tokens and contained an external link to “claim” those tokens.
The Trust Wallet-like website has a call-to-action button that reads “Claim Prize” and upon clicking, opens a window that requests the users to enter their private keys.
Users who are new to crypto and are not aware of the importance of keeping their private keys “private” may easily fall for these scams and give the scammers easy access to their funds.