Skip to main content

Independent. Public. Non‑commercial.

We Act Before Victims Appear.

We are a volunteer threat‑intelligence group. For 5+ years we have disrupted phishing, drainers, and crypto fraud. We detect live threats first, preserve evidence, and coordinate takedowns with hosts, registrars, and AV vendors.

Live Reports Our Path Crypto-Scam Havens
500k+
Domains blocked
24/7
Automation + review
~0.01%
False-Positive Rate
Zero $
No donations/services

About PhishDestroy

Our approach is simple: when we see an active threat, we move immediately. We don’t wait for victims, lawsuits, or publicity — we act so there are no victims at all. This is our story.

Our Mission and Methods

We started with Steam scammers and spammy ads; today our scope is global crypto phishing, drainer networks, and large‑scale fraud operations. We conduct end‑to‑end casework: tracing money on‑chain to real operators, mapping infrastructure, and linking campaigns to specific panels, keys, and code. Our unique insight comes from having seen scams from the inside — not as employees but with full root‑level access to their infrastructure. This gives us an unparalleled edge to preempt new variants quickly.

Our Uncompromising Principles

  • Non‑commercial: We sell nothing and take no donations. No paid delistings, ever.
  • Public & Verifiable: Indicators, timestamps, and outcomes are public when safe and lawful.
  • No Victim Data Stores: We avoid holding sensitive personal data; tickets use IDs only.
  • Evidence Preservation: We keep web archives and technical artifacts so victims and investigators can self‑serve discovery later.
  • Lawful Cooperation: We coordinate with hosts/registrars and share artifacts with competent authorities when appropriate.

Our Path: From Insight to Impact

Deep Investigations

We don't just find domains. We trace crypto on-chain, map infrastructure, and connect disparate campaigns to a single source, following the money to the operators.

"Root-Level" Access

We've seen scams from the inside. This unparalleled access to drainer panels, phishing kits, and operator infrastructure gives us a unique edge to preempt their next move.

Evidence Preservation

Every site is archived. We preserve crucial artifacts—JS encryption keys, operator IDs—creating an evidence locker for law enforcement and victims to use, no questions asked.

Proactive Disruption

We act so there are no victims. By reporting to over 50 vendors simultaneously, we create a network effect that dismantles scam campaigns before they fully launch.

Crypto-Scam Havens: The Responsibility Gap

A disproportionate number of crypto-scams originate from a handful of registrars. This is not a coincidence—it's a systemic failure in abuse handling.

Crypto-Scam Domains by Registrar

Source: PhishDestroy Public DB, since June 1, 2025

The Data Doesn't Lie

When one registrar hosts thousands more malicious domains than competitors, it points to a tolerance for abuse, incompetence, or both. Scammers flock to platforms with the least resistance.

Our Role

We provide clear evidence to these registrars, giving them the opportunity to meet their ICANN obligations. Our public logs create accountability when they fail to act.

A Message for Victims: Your Silence is Their Weapon

Do not stay silent. Do not hide what happened. By doing so, you are doing the scammers a favor. Your silence breeds their impunity. More money for them means more attacks, more victims.

1. Get Immediate Help

For rapid response and professional help in any situation, contact the SEAL 911 team.

Contact SEAL 911

2. Report Publicly

The minimum you should do. Share information about the scammer with the world. It's a small step that can help others.

Report to Chainabuse

3. Report Legally

Report the crime to your local police department. This can be done via email or their website. Not reporting is covering for them.

Contact Local Police

A Message To...

The Industry

We are not your enemy. We are your free, expert abuse-triage service. Our reports are actionable intelligence, not accusations. We expect you to investigate and act as per your contractual obligations. If your abuse desk is unqualified, that is an internal issue. Requests for video proof or different file formats are intentional delays that help criminals steal more. Act on the comprehensive evidence we provide.

Scammers

Keep reporting each other. It helps us cluster and neutralize your networks faster. In 5/5 large CIS groups we analyzed, revenue filters skimmed funds from you upstream; you don’t even see 5% of the total take. You are not kings; you are disposable, and victims of your own operators.

Join the Mission

Use our data. Collaborate. Stop the next scam before it starts.

Get Data Feed Scan a Site Live Reports