Independent. Public. Non‑commercial.
We are a volunteer threat‑intelligence group. For 5+ years we have disrupted phishing, drainers, and crypto fraud. We detect live threats first, preserve evidence, and coordinate takedowns with hosts, registrars, and AV vendors.
Our approach is simple: when we see an active threat, we move immediately. We don’t wait for victims, lawsuits, or publicity — we act so there are no victims at all. This is our story.
We started with Steam scammers and spammy ads; today our scope is global crypto phishing, drainer networks, and large‑scale fraud operations. We conduct end‑to‑end casework: tracing money on‑chain to real operators, mapping infrastructure, and linking campaigns to specific panels, keys, and code. Our unique insight comes from having seen scams from the inside — not as employees but with full root‑level access to their infrastructure. This gives us an unparalleled edge to preempt new variants quickly.
We don't just find domains. We trace crypto on-chain, map infrastructure, and connect disparate campaigns to a single source, following the money to the operators.
We've seen scams from the inside. This unparalleled access to drainer panels, phishing kits, and operator infrastructure gives us a unique edge to preempt their next move.
Every site is archived. We preserve crucial artifacts—JS encryption keys, operator IDs—creating an evidence locker for law enforcement and victims to use, no questions asked.
We act so there are no victims. By reporting to over 50 vendors simultaneously, we create a network effect that dismantles scam campaigns before they fully launch.
A disproportionate number of crypto-scams originate from a handful of registrars. This is not a coincidence—it's a systemic failure in abuse handling.
When one registrar hosts thousands more malicious domains than competitors, it points to a tolerance for abuse, incompetence, or both. Scammers flock to platforms with the least resistance.
We provide clear evidence to these registrars, giving them the opportunity to meet their ICANN obligations. Our public logs create accountability when they fail to act.
Do not stay silent. Do not hide what happened. By doing so, you are doing the scammers a favor. Your silence breeds their impunity. More money for them means more attacks, more victims.
For rapid response and professional help in any situation, contact the SEAL 911 team.
Contact SEAL 911The minimum you should do. Share information about the scammer with the world. It's a small step that can help others.
Report to ChainabuseReport the crime to your local police department. This can be done via email or their website. Not reporting is covering for them.
We are not your enemy. We are your free, expert abuse-triage service. Our reports are actionable intelligence, not accusations. We expect you to investigate and act as per your contractual obligations. If your abuse desk is unqualified, that is an internal issue. Requests for video proof or different file formats are intentional delays that help criminals steal more. Act on the comprehensive evidence we provide.
Keep reporting each other. It helps us cluster and neutralize your networks faster. In 5/5 large CIS groups we analyzed, revenue filters skimmed funds from you upstream; you don’t even see 5% of the total take. You are not kings; you are disposable, and victims of your own operators.
Use our data. Collaborate. Stop the next scam before it starts.