Home Leaderboard Launch App
SECURITY ALERT · IMPORTANT · READ THIS

Beware of Copycats — fake sites are impersonating StormBot

April 28, 2026

Sites pretending to be StormBot are real, and they are dangerous. They copy our look, lift our branding, and wire their "connect wallet" screen to steal your keys. We have already had to kill one Cloudflare-fronted clone — polyball.xyz — that fronted our origin and tried to pass itself off as us. So this is not a hypothetical. There is exactly one legitimate StormBot, and it lives at one domain. Everything below explains how to recognize the real thing and what to do if you have already touched a fake.

The only legitimate StormBot domain

https://stormbot.ai — this is the only domain we operate. If the address bar says anything other than stormbot.ai, you are not on StormBot.

Bookmark it. Type it. Do not trust links from DMs, Telegram groups, Discord, or random tweets promising "the new StormBot." There isn't one — there is just stormbot.ai.

Clones already exist — assume more are coming

Impersonation isn't a future risk for us; it has already happened. A copycat hosted behind Cloudflare pointed straight at our origin servers and tried to serve our own dashboard under a different name. We shut it down with a strict host check at the edge plus a hostname guard in the page itself — but the lesson stands: anyone can stand up a look-alike in an afternoon.

Confirmed clone (taken down): a Cloudflare-fronted copy of stormbot.ai
It mirrored our entire front end and proxied our origin. Not safe and not legitimate. Expect new TLD swaps, hyphenated knock-offs, and "poly"-prefixed variants to surface — treat every one of them as hostile until proven otherwise.

We won't publish a fake-URL whack-a-mole list here, because new ones appear faster than any list stays current. The rule is simpler and never goes stale: if it isn't stormbot.ai, it isn't us.

What the scammers actually do

The playbook is depressingly consistent across crypto phishing, and StormBot is a prime target because trading means wallets are already in the loop:

  • Lookalike wallet flow. The "connect wallet" screen on a clone looks identical to ours, but the form is wired to a stranger. The moment you paste a key or sign, your funds are gone.
  • Fake "StormBot migration" announcements. Urgent posts telling you to "move your wallet to the new domain." There is no migration. StormBot does not move to new domains and will never ask you to.
  • Sponsored search ads. Copycats buy ads at the top of search results for "stormbot" and "polymarket weather bot." Skip the ads — type the address or use your bookmark.
  • Fake support DMs. If someone messages you claiming to be StormBot support and asks for your private key, seed phrase, or a "verification signature," they are not us. StormBot will never DM you asking for keys or seed phrases — ever, by any channel.

If you connected a wallet to a copycat

Move your funds to a fresh wallet immediately. Any key or seed phrase you entered on a fake site should be considered fully exposed. Generate a brand-new wallet, transfer everything out of the compromised one, and stop using the old one for trading entirely.

How to verify you're on the real StormBot

Five quick checks, in order. If even one fails, close the tab.

  1. 1 The URL bar reads exactly stormbot.ai — no trailing letters, no hyphens, no swapped TLD, no extra subdomains other than www.
  2. 2 The padlock is real. Click it. The certificate should be issued to stormbot.ai. Expired, mismatched, or self-signed means you are not where you think you are.
  3. 3 Type the URL yourself. Don't click a link in Telegram, Discord, X, an email, a Google ad, or a forum post. Typed URL only — or a bookmark you made on your first real visit.
  4. 4 Use a fresh trading wallet. Even on the real site, trade from a dedicated wallet holding only what you intend to trade — never your main wallet, never one with NFTs or long-term holdings.
  5. 5 If anything looks off, leave. Different fonts, missing pages, broken links, a "limited-time migration offer," or any prompt asking for a seed phrase — close the tab. Don't try to decide if it's "probably fine." It isn't.

Help us shut these down — report copycats

If you spot a domain claiming to be StormBot that isn't stormbot.ai, send it to us. We file takedown requests with registrars, hosting providers, Cloudflare, browser blocklists, and ad networks — but we can only act on sites we know about. Include the suspicious URL, a screenshot if you have one, and how you found it (DM, ad, search result). Most copycats can be killed within 24–72 hours of a good report; our users are the fastest detection network we have.

The bottom line

There is one StormBot, at one domain: stormbot.ai. Every other site claiming to be us is unsafe. Bookmark the real one, type it directly when in doubt, never enter wallet keys or seed phrases on a look-alike domain, and remember we will never DM you for them. Tell us when you spot a fake.

Stay sharp out there. Trading the storm is hard enough without losing funds to a typo.

Read next

Two New Ways to Play the Sky: Storm Spin and Storm Bet Are Live

June 16, 2026
Read article

The Hong Kong Lock: We Stopped Forecasting the City and Started Reading It

June 3, 2026
Read article

StormBot by the Numbers: 9,592 Traders, $2.87M in Member Profit, and Exactly What It Costs to Run

May 23, 2026
Read article
All articles
StormBot

Reasoning by Claude · Forecasts by GFS · ECMWF · UKMO · NWS

© 2026 StormBot. Atmospheric alpha for Polymarket.