July 17, 2026
#The .come Typo: PancakeSwap’s Terms of Service Email a Domain That Doesn’t Exist
*TrustSniffer’s website engine flagged that PancakeSwap’s own Terms of Service list a contact address at pancakeswap.come — a top-level…

By Trustsniffer
3 min read
#The .come Typo: PancakeSwap's Terms of Service Email a Domain That Doesn't Exist
TrustSniffer's website engine flagged that PancakeSwap's own Terms of Service list a contact address at pancakeswap.come — a top-level domain that does not exist. It is a benign typo on a trusted domain, but it silently breaks the official support channel and shows why frontend integrity is part of on-chain security.
**TL;DR:**PancakeSwap — one of the largest decentralized exchanges — lists its contact in its own Terms of Service as info@pancakeswap.come. There is no .come top-level domain, so that mailbox can never receive mail. On an established brand it's a harmless typo, not a breach — but it silently breaks the official support channel, and a dead support inbox is exactly the gap phishing operations are built to fill. TrustSniffer's website engine flags it automatically.
[PancakeSwap's Terms of Service lists info@pancakeswap.come — an invalid .come TLD — and the phishing funnel a broken support channel creates]
The finding, and why it matters: a bounced support email pushes an anxious user toward a search result, a look-alike clone, and an approval-drainer.
## The finding
When our [website engine] rendered PancakeSwap's live Terms of Service, it read the listed contact address as info@pancakeswap.come. The problem is the final letter: .come is not a real top-level domain. Mail to it doesn't reach a mistyped inbox — it fails to resolve and bounces. The real address is info@pancakeswap.com. You can see the current verdict for the site on our [PancakeSwap report]
## Why a dead support inbox is an attack surface
On a domain with PancakeSwap's history this is benign — no funds are at risk from the typo itself. What it illustrates is that the frontend is part of the security perimeter, and a broken official support channel creates a vacuum that scammers are designed to fill:
-
A user emails the address in the Terms of Service — and it silently bounces.
-
Anxious about their funds, they search Google, Telegram or Reddit for "PancakeSwap support".
-
They land on a look-alike clone — a typosquat with a valid SSL certificate and no history.
-
The clone asks them to connect a wallet and sign a token approval; the moment they do, an approval-drainer sweeps the balance.
## How TrustSniffer caught it — and how you can
Our page module quotes the exact address it found and raises a suspicious_contact_email_tld signal — a contact email on an invalid or typo top-level domain. The broader lesson is procedural: verify the domain before you trust the brand. A real [website checker] scores a site's age, certificate origin and reputation, so a fresh clone with no history is exposed in seconds — long before a wallet is ever connected. Before approving any transfer, run the counterparty through a [wallet risk check] too.
## What to do as a user
-
Reach official support only through a domain you typed yourself or bookmarked — never a link from a search result or a DM.
-
Treat any "support" address or agent that contacts you first as hostile.
-
Check a site with a [website checker] before connecting a wallet, and set token approvals to the exact amount rather than unlimited.
-
Browse flagged high-risk crypto sites and verified-legitimate ones in the [directory].
Note: To be clear: this is a benign typo on a legitimate, established exchange — not evidence of wrongdoing by PancakeSwap. We highlight it because a single-character anomaly on a multi-billion-dollar protocol is a useful reminder that website integrity is part of on-chain safety, and the same automated scan that confirms a real site also surfaces small anomalies like this one.
FAQ
Is PancakeSwap unsafe because of this?
No. It is a harmless typo in a support email on an established, trusted domain — no funds are at risk from the typo itself. It matters as an illustration of how a broken support channel can be exploited by phishing clones, not as a flaw in the protocol.
What is a .come domain?
There is no .come top-level domain — it is a common misspelling of .com. An address ending in .come cannot receive mail and bounces. A scammer could, however, register a look-alike domain to impersonate a brand.
How can I tell a real crypto site from a clone?
Check its domain age, SSL certificate origin and reputation with a website checker before you trust it or connect a wallet. A convincing clone almost always has a brand-new domain and no history — which a scan exposes immediately.
— -
Originally published at [https://trustsniffer.com/blog/pancakeswap-come-email-typo-phishing-risk]. Check any wallet or website — free — at [TrustSniffer]