# governances-ethena.finance — SUSPICIOUS > governances-ethena.finance: Crypto drainer scam impersonating Ethena with 0/95 VirusTotal detections. Avoid connecting wallets or entering credentials. ## Summary governances-ethena.finance has been identified as an active crypto-draining scam mimicking the Ethena protocol, posing severe risks to cryptocurrency users. The domain employs a deceptive brand impersonation tactic, luring victims under the guise of governance participation with Ethena-related services. Threat actors behind this campaign utilize social engineering and malicious wallet connection prompts to siphon funds from unsuspecting users. Immediate action is required to prevent financial losses and protect assets within the crypto ecosystem PhishDestroy identifies governances-ethena.finance as a high-risk brand impersonation scam targeting Ethena users through crypto-draining tactics. This domain exhibits multiple red flags, including a recent registration on April 05, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to an IP address, 188.114.97.3, associated with suspicious hosting infrastructure. The domain utilizes a Let's Encrypt SSL certificate, which is a common tactic employed by threat actors to lend false legitimacy to fraudulent sites. Despite its active status, the domain remains undetected by VirusTotal with 0/95 engines flagging it as malicious, highlighting the evasiveness of this campaign. No domain blocklists or trust scores currently flag the site, allowing it to operate unimpeded. These technical indicators suggest a newly deployed, carefully crafted scam designed to evade early detection PhishDestroy flags governances-ethena.finance as an under-investigation threat with active operational status. Users must immediately cease all interactions with governances-ethena.finance, including refraining from wallet connections, credential entries, or fund transfers. Cryptocurrency drainers commonly exploit users via malicious smart contract approvals or fake airdrop claims—ensure all wallet approvals are revoked and only interact with verified, official Ethena platforms. If you suspect exposure to this scam, disconnect affected wallets, revoke suspicious token approvals, and report the domain to relevant authorities (e.g., Anti-Phishing Working Group) and Ethena’s official support channels. Exercising caution and verifying all links and domains prior to engagement remains the most effective defense against such crypto-draining campaigns PhishDestroy urges immediate caution and proactive mitigation to prevent financial theft from this Ethena impersonation scam. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-04-05 00:07:19 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/governances-ethena.finance - PhishDestroy: https://phishdestroy.io/domain/governances-ethena.finance/ - LLM endpoint: https://phishdestroy.io/domain/governances-ethena.finance/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/governances-ethena.finance/ Last updated: 2026-04-05