Domain Security Reports

Search our database of flagged domains. Check if a website is a scam, phishing, or legitimate.

0
Total Tracked
0
Detected
0
Content Alive
0
Content Dead
0
VT Pending
WalletConnect Abuse
HIGH THREAT

Understanding and Combating WalletConnect Abuse

WalletConnect Abuse represents a significant threat, with 1,667 domains detected and 555 currently active. PhishDestroy has identified top TLDs including .com, .app, and .xyz, and leading registrars such as NICENIC INTERNATIONAL GROUP CO., LIMITED.

1,672
Domains Detected
HIGH
Threat Level

How This Attack Works

WalletConnect Abuse involves deceptive tactics to exploit users of cryptocurrency platforms. Understanding these steps can help in prevention.

STEP 1
Creation of Fake Domains
Attackers create fake domains that mimic legitimate cryptocurrency platforms to lure victims.
STEP 2
Deployment of Phishing Pages
Phishing pages are set up on these domains to capture user credentials and wallet information.
STEP 3
Execution of Malicious Code
JavaScript and other scripting languages are used to execute malicious code that intercepts user data.
STEP 4
Unauthorized Transactions
Stolen credentials are used to authorize transactions, draining victims’ wallets.

Technical Analysis

WalletConnect Abuse often involves the creation of phishing sites that mimic popular cryptocurrency service providers. Attackers use sophisticated scripts to manipulate the WalletConnect protocol, intercepting the authentication process. This includes the use of JavaScript to capture private keys and signatures when users attempt to connect their wallets. Infrastructure-wise, attackers frequently utilize content delivery networks like Cloudflare to host phishing sites, taking advantage of high availability and speed. Additionally, smart contracts are sometimes manipulated to automatically approve transactions that transfer funds to the attacker’s address without the victim's explicit consent.

Real Cases

The Opensea Phishing Incident (2024)
$2 million stolen
A phishing campaign targeting Opensea users resulted in significant financial losses and credential theft.
Vercel App Scam (2023)
$1.5 million stolen
Attackers used fake Vercel app domains to trick users into revealing wallet information, leading to unauthorized access.
Marketplace-Art Fraud (2024)
$3 million stolen
Fraudulent marketplace-art domains were used to deceive users into connecting their wallets, resulting in asset theft.

How to Detect

Unfamiliar domain names mimicking legitimate services
Requests for private keys or seed phrases
Unexpected transaction requests
Poor website design or misspellings
Limited or no HTTPS security

How to Protect Yourself

1 Always verify domain authenticity
2 Enable two-factor authentication
3 Use hardware wallets for transactions
4 Regularly update security software
5 Educate yourself on common phishing tactics

Frequently Asked Questions

What is WalletConnect Abuse?
WalletConnect Abuse involves exploiting the WalletConnect protocol to trick users into revealing their cryptocurrency wallet credentials through phishing tactics.
How much money has been stolen through WalletConnect Abuse?
To date, WalletConnect Abuse has resulted in millions of dollars in losses, with specific incidents causing damages ranging from $1.5 million to $3 million.
How do I protect myself from WalletConnect Abuse?
Verify domain authenticity, use two-factor authentication, and employ hardware wallets for added security against phishing attacks.
What should I do if I'm a victim of WalletConnect Abuse?
Report the incident to your wallet provider, change passwords immediately, and contact local authorities or a cybersecurity expert for assistance.
Data sourced from PhishDestroy threat intelligence database — 1,672 domains tracked for this threat type
Wallet Connect Abuse — Threat Intelligence Protocol Abuse High Threat
1,672
Domains
641
Alive
960
Taken Down
6.9
Avg VT
38.3%
Alive Rate
93.1%
Detected
Since Mar 2024 882 domains with VT ≥ 5
WalletConnect Abuse 1,672 domains
degengames.fun
2 VTUnknownchase
drop-lifeai.org
2 VTUnknownavalanche
edel-airdrop.com
2 VTLiveWalletConnect
eligibility-edel.com
2 VTLiveWalletConnect
esqresso.foundation
2 VTUnknown
evm.onchainwalletcrypto.com
2 VTLiveCrypto.com
fastwallet.trade
2 VTUnknownWalletConnect
findyourtoken.cx
2 VTUnknownacross
fineturtle.com
2 VTParkedWalletConnect
fir10.209494.com
2 VTLivefoundation
funnydex.com
2 VTUnknownBinance
fushenprotocol.xyz
2 VTUnknownArbitrum
gasspas-vip.web.app
2 VTUnknownWalletConnect
gasspas-vips.web.app
2 VTLivegoogle
ghodefi.top
2 VTUnknownAave
gokabuto.org
2 VTUnknownAirdrop Scam
governance-uniswap.com
2 VTUnknownUniswap
grokdextools.site
2 VTUnknownavalanche
hepyrlandfenence.org
2 VTLiveacross
heyanon-ai-interface-git-feature-zodiac-widget-real-wagmi.vercel.app
2 VTLiveacross
hilltonscreener.com
2 VTUnknown
honeycomb.0xhoneyjar.xyz
2 VTUnknownacross
horizon-dapp.web.app
2 VTLiveaerodrome
houdiniswsp.com
2 VTUnknowncoinmarketcap
hybrafinance.com
2 VTLive
hyperkp.com
2 VTUnknownWalletConnect
hyperliquid.com-portal-connects-secure-prod.pro
2 VTUnknowncoinbase
ipp.finance
2 VTLivebinance
ipypb.cc
2 VTUnknown
isldata.cc
2 VTUnknownWalletConnect
ito.wechain.ai
2 VTUnknowntelegram
j-dex-v4.app
2 VTUnknowndiscord
kiberswap.com
2 VTUnknown
kinetiq-foundations.org
2 VTLivediscord
leotec.app
2 VTUnknown
libertywsap.finance
2 VTLiveaave
libretyswap.finance
2 VTLivebase
liquild.xyz
2 VTUnknownfoundation
live-humanity.org
2 VTUnknownacross
live-stable.org
2 VTCF Bannedacross
lunexnetwork.com
2 VTUnknownrevolut
lxlwyn.top
2 VTUnknown
malenerosenberghansen.com
2 VTUnknownWalletConnect
mamorewards.com
2 VTUnknownWalletConnect
manyushiba.xyz
2 VTUnknownWalletConnect
mascor.info
2 VTUnknownAptos
mask-eligibility.app
2 VTUnknownacross
memepartyoneth.xyz
2 VTLiverevolut
migrate-yieldbasic.com
2 VTLive
moon015.szcca.net
2 VTUnknown
moon048.94tp.com
2 VTLiveBitcoin
multichainpump.fun
2 VTUnknownPump.fun
mysterybox.gam3s.claims
2 VTUnknown
nlrwvf.pages.dev
2 VTLive
nnvtz-uqaaa-aaaah-qpuuq-cai.icp0.io
2 VTUnknown
o4xfd-oiaaa-aaaaj-qnsaa-cai.icp0.io
2 VTUnknownEthereum
oguser.pages.dev
2 VTLiveEthereum
okxclaim.web.app
2 VTUnknownOKX
online232.com
2 VTLivetrust wallet
onyx-token.com
2 VTUnknownLedger
originndefi.org
2 VTLive
origndefi.org
2 VTLive
pad-chain-gpt.org
2 VTUnknownceler
panther-guard.web.app
2 VTUnknownWalletConnect
pape-drops.netlify.app
2 VTUnknownWalletConnect
pck-wallet-v1.app
2 VTUnknownacross
peipeicoins-ai.firebaseapp.com
2 VTLivecoingecko
pepeclaim2.net
2 VTUnknownsolana
peperider.com
2 VTUnknownEthereum
pepusunchained-portal.com
2 VTLiveWalletConnect
phase3-stable.com
2 VTLiveceler
pol10.com
2 VTLiveWalletConnect
polbot55.vip
2 VTUnknownWalletConnect
polbot77.vip
2 VTUnknownWalletConnect
portal-campnetwork.web.app
2 VTLiveWalletConnect
pqlzd-baaaa-aaaai-aqfja-cai.icp0.io
2 VTUnknownWalletConnect
pro700.vip
2 VTLivetrust wallet
pth997.com
2 VTLivetrust wallet
pub-159584f62dcf45f09d67c8485f215d9a.r2.dev
2 VTUnknown1inch
pumpfun.pump-airdrop.cfd
2 VTUnknown1inch
punksauction-votes.com
2 VTParkedWalletConnect
quickswap-exchange-dapp.com
2 VTUnknownacross
raydium.website
2 VTUnknownRaydium
reavers-booty.web.app
2 VTUnknownAave
register-humidifi.org
2 VTUnknownacross
register-pancakeswap.xyz
2 VTLivePancakeSwap
revoke-veloedrome.com
2 VTLivegoogle
revoking-aereodrome.com
2 VTUnknowngoogle
reward-ofc.org
2 VTUnknownWalletConnect
rewards-mio.com
2 VTLivegoogle
rewards-soracles.com
2 VTLivegoogle
rewardshyper.com
2 VTUnknownWalletConnect
ruji.trade
2 VTUnknownchatgpt
scope.rocketlauncher.gg
2 VTUnknownacross
signup-pepes.com
2 VTLive
signup-sends.info
2 VTLive
solanaairdrop.icu
2 VTUnknownSolana
spacepay.live
2 VTUnknownscroll
squid-bridge.com
2 VTUnknownacross
stake.vianxy.online
2 VTUnknowndiscord
« Prev 10 11 12 13 14 15 16 Next » Page 13 of 17