We are investigating Protocol Yield (domain py.xyz) due to a significant conflict between the platform's own marketing claims and official regulatory warnings. The independent evidence chain behind the various "guarantees" it offers to investors is exceptionally weak. This risk is not theoretical—the New Zealand Financial Markets Authority (FMA) has issued a direct warning against Protocol Yield (py.xyz), linking it to misleading compliance and licensing statements, which regulators explicitly associate with fraudulent activities.[1]
The Image Protocol Yield Projects
Protocol Yield presents itself as an "AI-driven" social investment platform where investors can "connect" their exchange accounts, allocate funds to "verified experts," and pay through profit sharing rather than subscription fees.[2] Its homepage emphasizes convenience and confidence: daily profits, low entry thresholds, a "Py Score" ranking system, and institutional-grade custody and risk control.[2] These are typical promises used to package unlicensed investment activities as "compliant products."
Protocol Yield's Own Claims
On its website, Protocol Yield claims to be "registered as Marida Limited" and displays "License No. # 76783901-000-07-24-0 | Hong Kong."[2] The same "registered as Marida Limited" wording appears on multiple pages of its website, including the contact and FAQ pages.[2][3] Its "About" page states it was "founded in 2025 by a group of passionate pioneers," portraying the platform as a rapidly expanding new entrant.[3]
Two specific marketing claims are particularly noteworthy as they are designed to allay investor concerns.
First, Protocol Yield claims to have "official brokerage partnerships" with platforms like Binance and Bybit, presenting this as the foundation for "secure custody" and unified profit-sharing infrastructure.[2]
Second, it claims that "funds are SAFU and secure," asserting that assets are "protected through our partnership with Binance's Secure Asset Fund for Users (SAFU)."[2] This is not casual wording. "SAFU" is a branded term by Binance, widely recognized in the crypto industry. The website's wording reads as if implying that a major exchange's protection mechanism extends to Protocol Yield's users.[2]
Finally, Protocol Yield displays a rating claim: "4.9 stars" and "1500+ reviews."[2] This is intended to serve as social proof, but the website does not transparently explain where these reviews come from, how they are verified, or whether they relate to real accounts and genuine withdrawal experiences.[2]
The Most Serious Facts in Public Records
The warning from the New Zealand FMA is the most decisive, publicly verifiable data point we found. Initially issued on May 2, 2025, and later updated on January 29, 2026, the warning states that an associated entity, Protocol Yield (py.xyz), "is operated by the same CEO as Lquid Pay" and makes "similar false statements" on its website, including "falsely claiming its parent company Marida Limited is licensed in Hong Kong."[1] The FMA adds a critical statement that should not be ignored: "False statements of regulatory status of this nature are often associated with fraudulent activities."[1]
This is not an accusation on the internet or a debate on a forum. It is a financial regulator describing a pattern, associating it with a named website, and explaining why the pattern is significant.[1]
The FMA's warning also documents a series of misleading statements by the associated operator, including "false and misleading" claims, mentioning a trademark claim that was "not true at the time," and noting that "Marida Limited did not obtain a trademark until September 2025."[1] This timing is important as it reveals a familiar strategy: marketing a compliance narrative first, then attempting to backfill paperwork later.
Registration Does Not Equal Licensing, the Truth Behind the Number
Protocol Yield's website uses a Hong Kong narrative framework, repeatedly claiming it is "registered as Marida Limited" and displaying a "license number" string.[2] Public company directories show that a Hong Kong entity named Marida Limited does exist, with a registered office address matching the address shown on Protocol Yield's contact page (Room 2401-16, Wing Shing Industrial Building, 26 Ng Fong Street, San Po Kong, Hong Kong).[4][5] The same directory shows it was established around July 9, 2024, with a registration number of 76783901.[5][6]
At this point, the presentation of the "license number" becomes a red flag rather than a safety assurance. Protocol Yield's "License No. # 76783901-000-07-24-0" appears to be a formatted variant of the company number (76783901) shown in the public directory, padded to look like a license credential.[2][6] Company registration and business registration identifiers themselves are not investment authorizations. Regulators issue licenses for financial activities; registries record the existence of companies.
When viewed alongside the FMA's explicit statement that Protocol Yield "falsely claims" its parent company "is licensed in Hong Kong," the risk becomes more acute.[1] If a platform relies on the optics of company registration to imply regulatory authorization, it is a classic misleading strategy.
Name confusion is another means of creating a false sense of security. Another unrelated "MARIDA LIMITED" (Company No. 08139648) exists in the UK Companies House register, indicating that "Marida Limited" is not a unique identifier and may be used to mislead through name collision.[7] Entities with similar names in different jurisdictions are common, but this does not provide validation for any licensing claims by Protocol Yield.
If Truly Licensed, What a Hong Kong License Should Look Like
The Hong Kong Securities and Futures Commission (SFC) maintains a public register of licensed persons and registered institutions under the Securities and Futures Ordinance, as well as licensed virtual asset service providers under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance effective June 1, 2023.[8][9] In other words, Hong Kong has a public mechanism to verify whether an intermediary truly holds a license to conduct regulated activities.[8][9]
Protocol Yield does not provide a verifiable SFC license identity in the format used by the SFC register (e.g., central entity number, license type, and scope of regulated activities).[8] Instead, it relies on a "license number" string associated with "Marida Limited" and "Hong Kong."[2] This is precisely the type of presentation regulators warn about: it sounds official but cannot be verified like a genuine license.
Domain Age and "Operating History" Marketing
Independent domain analysis tools commonly used in anti-fraud work show that py.xyz is relatively new. ScamDoc lists the domain creation date for py.xyz as "February 5, 2025."[10] Automated reputation platforms also flag py.xyz with extremely low trust scores and identify high-risk crypto-related activity indicators.[11][12][13] These automated tools should not be seen as definitive conclusions, but they are useful as auxiliary signals: a newly registered domain, privacy-protected ownership, limited independent reputation, combined with aggressive financial marketing—this combination is repeatedly associated with fraud.
Even if a domain is older, it still cannot prove operational continuity. Domain investors frequently buy and sell old domains, and domain age is widely regarded as an imperfect trust metric.[14] Fraud operations have exploited this for years: acquiring an old domain, launching a "new" platform on it, and then claiming a long operating history based on the domain's age rather than the platform's actual record.
Protocol Yield itself claims to have been established in 2025.[3] This aligns with the domain age indicator placing py.xyz in the 2025 timeframe.[10] The issue is not that the platform is new. The issue is: "new" combined with "regulated/protected" claims, plus "daily profit" promises—historically, this is where concentrated losses occur.
Issues with Review Claims
Protocol Yield's homepage displays "4.9 stars" and "1500+ reviews."[2] However, at least one major trader review site shows "0 reviews" and "not yet rated" for Protocol Yield, despite describing the same domain (PY.xyz) and similar platform framework.[15] This discrepancy does not prove fabrication, but it exposes a core issue: Protocol Yield wants investors to rely on social proof without providing any independently auditable trail for that proof.
In fraud cases, fake review counters are not decorations but conversion tools. When withdrawals slow or stop, a significant portion of victims report that they stayed longer because the platform "looked popular" and others "must be withdrawing." The lack of transparent, third-party review depth should be seen as a risk factor, not a neutral detail.
The Most Likely Fraud Script Behind Protocol Yield
Based on Protocol Yield's product design (copy trading or strategy allocation via exchange connections), its marketing language (daily profits, low entry thresholds, "verified experts"), and regulatory warnings about false licensing claims, we assess the most likely fraud models as follows.
The first is the API key exhaustion model. Platforms that ask users to "securely connect your preferred exchange" can request API permissions.[2] If permissions include withdrawal capabilities, or users are guided to insecure permission settings, attackers do not even need to custody assets—the exchange account itself becomes the custodian, and the platform becomes the control layer. Funds can be drained through internal transfers, high-fee trades, or direct withdrawals to attacker-controlled addresses. Even if withdrawal permissions are not enabled, abusive trading can burn balances through slippage, illiquid trading pairs, or coordinated counterparty trades.
The second is the locked withdrawal upgrade model. In this model, the platform dashboard shows continuous profits, sometimes "daily profits," as Protocol Yield advertises.[2] Once users attempt to withdraw meaningful amounts, requirements like "verification," "fees," "liquidity," or "risk control" appear. Victims are forced to deposit more funds to "unlock" withdrawals. Deposits are the business model, and profits are just numbers on the user interface.
The third is the referral-driven Ponzi structure. Automated scanning tools and independent reviews have flagged multi-level marketing-related content associated with py.xyz.[11][12] This aligns with the FMA's emphasis on false regulatory status—a model often used to sustain recruitment activities after early suspicions arise.[1] In such scams, a seemingly normal investment product is secondary; the real engine is referral commissions, tiered "wealth manager" narratives, and social pressure.
The fourth is compliance theater. Protocol Yield has published a list of sanctioned countries and legal pages that look like compliance documents.[16][17] This does not prove genuine compliance. Fraudulent platforms often borrow the structure of regulated financial websites to create a sense of "compliance presence." The FMA's warning illustrates why this matters: it documents false and misleading compliance claims related to Protocol Yield and its associated entities.[1]
The fifth is identity information harvesting. Any platform guiding users through KYC-like processes or collecting personal identity documents may expose victims to secondary harm: identity theft, SIM card swap attempts, account takeovers, or subsequent targeted "recovery scams"—where victims are contacted by another fake company promising to recover losses for a fee.
What Victims Typically Face and What Measures Are Usually Effective
When a platform resembles Protocol Yield's model, the first stop-loss window is usually technical, not legal. If exchange connections have been established, affected users typically reduce risk by revoking API keys, resetting exchange passwords, enabling strong two-factor authentication, and checking recent account activity for unfamiliar IP logins, new withdrawal addresses, or abnormal trades. If assets still reside in the connected exchange, victims usually prioritize moving funds to a wallet they control or a new exchange account not associated with the platform—because the speed of a compromised control layer's operations often outpaces customer service ticket processing.
If funds have already been moved off-platform, remaining options typically involve reporting and documentation rather than recovery. Exchanges can sometimes freeze funds when they reach identifiable addresses on the same exchange, but this is time-sensitive and relies on fund tracing, internal controls, and jurisdictional cooperation. Reporting to regulators is also important, especially when a warning has already been issued by a regulator. The FMA's warning explicitly lists Protocol Yield (py.xyz) as an associated entity with false statements.[1] Such public records often play a role when banks and exchanges assess whether to initiate investigations.
The second wave of foreseeable harm is "recovery" scams. After public warnings spread, victims are often contacted by new entities claiming they can recover losses, often using the same branding elements and compliance theater. This is why credibility should be anchored in verifiable regulatory records, not private messages, Telegram channels, or unsolicited contacts.
Why This Pattern Looks Familiar
The history of crypto fraud is filled with "high-yield" platforms that borrow financial vocabulary and use community recruitment to expand. For example, BitConnect was associated with a high-yield investment program described as a Ponzi scheme, collapsing after regulatory actions and subsequently becoming the target of SEC and DOJ actions.[18][19][20] PlusToken operated as a global crypto Ponzi scheme, promising wallet returns while seizing billions in cryptocurrency. According to blockchain analysis reports, its collapse had widespread market impacts.[21][22] Forsage was charged by the SEC as a fraudulent crypto pyramid and Ponzi scheme, with a DOJ-announced indictment later describing it as a $340 million decentralized finance (DeFi) Ponzi and pyramid operation.[23][24]
A modern variant is crypto yield products marketed in the form of "membership package" plans, often wrapped in community language and false leadership. Reports on HyperFund/HyperVerse describe allegations of a multi-level marketing pyramid and Ponzi structure, sold on high return promises.[25] The focus is not that Protocol Yield is identical to any of these cases. The focus is that its building blocks match: consistent promised returns, implied institutional endorsements, and a regulatory narrative that cannot be clearly verified.
Risk Conclusion on Protocol Yield
Protocol Yield is not just a "potentially risky new platform." It is a platform whose public marketing claims directly contradict official regulatory warnings—the warning specifically names its domain and describes its licensing statements as the type typically associated with fraudulent activities.[1] Its presentation of a Hong Kong "license number" appears constructed to mimic official authorization, yet it is difficult to verify like a genuine financial license.[2][8][9] Its Binance SAFU statement is packaged as a "partnership" without the usual third-party confirmation that would exist if a major exchange's user protection mechanism truly covered an independent platform.[2] Its claim of "1500+ reviews" lacks clear independent anchors and contradicts at least one third-party listing showing no user reviews.[2][15]
Considering the FMA's warning, the risk of false compliance statements, and the platform's high-pressure profit marketing framework, we assess Protocol Yield on py.xyz as a high-risk operation, with scam characteristics consistent with copy trading exhaustion scams, locked withdrawal traps, and referral-driven Ponzi dynamics.[1][2][11][12]
References
[1] https://www.fma.govt.nz/library/warnings-and-alerts/lquid-finance-ta-lquid-pay/ (Accessed May 19, 2026)
[2] https://www.py.xyz/ (Accessed May 19, 2026)
[3] https://www.py.xyz/about (Accessed May 19, 2026)
[4] https://www.py.xyz/contact (Accessed May 19, 2026)
[5] https://www.ltddir.com/companies/marida-limited/ (Accessed May 19, 2026)
[6] https://hkaddresses.com/zh/company/803062 (Accessed May 19, 2026)
[7] https://find-and-update.company-information.service.gov.uk/company/08139648 (Accessed May 19, 2026)
[8] https://www.sfc.hk/en/Regulatory-functions/Intermediaries/Licensing/Register-of-licensed-persons-and-registered-institutions (Accessed May 19, 2026)
[9] https://www.sfc.hk/en/Regulatory-functions/Intermediaries/Licensing/Register-of-licensed-persons-and-registered-institutions/Public-register-of-licensed-persons-and-registered-institutions (Accessed May 19, 2026)
[10] https://www.scamdoc.com/view/2199521 (Accessed May 19, 2026)
[11] https://www.scamadviser.com/check-website/py.xyz (Accessed May 19, 2026)
[12] https://gridinsoft.com/online-virus-scanner/url/py-xyz (Accessed May 19, 2026)
[13] https://www.scamadviser.com/check-website/app.py.xyz (Accessed May 19, 2026)
[14] https://www.namecheap.com/blog/domain-age-metric-domain-investing/ (Accessed May 19, 2026)
[15] https://www.forexpeacearmy.com/forex-reviews/22636/protocol-yield-review (Accessed May 19, 2026)
[16] https://www.py.xyz/privacy-policy (Accessed May 19, 2026)
[17] https://www.py.xyz/sanctioned-countries (Accessed May 19, 2026)
[18] https://en.wikipedia.org/wiki/Bitconnect (Accessed May 19, 2026)
[19] https://www.sec.gov/newsroom/press-releases/2021-172 (Accessed May 19, 2026)
[20] https://www.justice.gov/archives/opa/pr/bitconnect-founder-indicted-global-24-billion-cryptocurrency-scheme (Accessed May 19, 2026)
[21] https://en.wikipedia.org/wiki/PlusToken (Accessed May 19, 2026)
[22] https://www.chainalysis.com/blog/plustoken-scam-bitcoin-price/ (Accessed May 19, 2026)
[23] https://www.sec.gov/newsroom/press-releases/2022-134 (Accessed May 19, 2026)
[24] https://www.justice.gov/archives/opa/pr/forsage-founders-indicted-340m-defi-crypto-scheme (Accessed May 19, 2026)
[25] https://www.theguardian.com/technology/2024/jan/30/australian-sam-lee-charged-with-conspiracy-to-commit-in-us-for-role-in-ponzi-scheme (Accessed May 19, 2026)
