Domain Security Reports

Search our database of flagged domains. Check if a website is a scam, phishing, or legitimate.

0
Total Tracked
0
Detected
0
Content Alive
0
Content Dead
0
VT Pending
WalletConnect Abuse
HIGH THREAT

Understanding and Combating WalletConnect Abuse

WalletConnect Abuse represents a significant threat, with 1,667 domains detected and 555 currently active. PhishDestroy has identified top TLDs including .com, .app, and .xyz, and leading registrars such as NICENIC INTERNATIONAL GROUP CO., LIMITED.

1,669
Domains Detected
HIGH
Threat Level

How This Attack Works

WalletConnect Abuse involves deceptive tactics to exploit users of cryptocurrency platforms. Understanding these steps can help in prevention.

STEP 1
Creation of Fake Domains
Attackers create fake domains that mimic legitimate cryptocurrency platforms to lure victims.
STEP 2
Deployment of Phishing Pages
Phishing pages are set up on these domains to capture user credentials and wallet information.
STEP 3
Execution of Malicious Code
JavaScript and other scripting languages are used to execute malicious code that intercepts user data.
STEP 4
Unauthorized Transactions
Stolen credentials are used to authorize transactions, draining victims’ wallets.

Technical Analysis

WalletConnect Abuse often involves the creation of phishing sites that mimic popular cryptocurrency service providers. Attackers use sophisticated scripts to manipulate the WalletConnect protocol, intercepting the authentication process. This includes the use of JavaScript to capture private keys and signatures when users attempt to connect their wallets. Infrastructure-wise, attackers frequently utilize content delivery networks like Cloudflare to host phishing sites, taking advantage of high availability and speed. Additionally, smart contracts are sometimes manipulated to automatically approve transactions that transfer funds to the attacker’s address without the victim's explicit consent.

Real Cases

The Opensea Phishing Incident (2024)
$2 million stolen
A phishing campaign targeting Opensea users resulted in significant financial losses and credential theft.
Vercel App Scam (2023)
$1.5 million stolen
Attackers used fake Vercel app domains to trick users into revealing wallet information, leading to unauthorized access.
Marketplace-Art Fraud (2024)
$3 million stolen
Fraudulent marketplace-art domains were used to deceive users into connecting their wallets, resulting in asset theft.

How to Detect

Unfamiliar domain names mimicking legitimate services
Requests for private keys or seed phrases
Unexpected transaction requests
Poor website design or misspellings
Limited or no HTTPS security

How to Protect Yourself

1 Always verify domain authenticity
2 Enable two-factor authentication
3 Use hardware wallets for transactions
4 Regularly update security software
5 Educate yourself on common phishing tactics

Frequently Asked Questions

What is WalletConnect Abuse?
WalletConnect Abuse involves exploiting the WalletConnect protocol to trick users into revealing their cryptocurrency wallet credentials through phishing tactics.
How much money has been stolen through WalletConnect Abuse?
To date, WalletConnect Abuse has resulted in millions of dollars in losses, with specific incidents causing damages ranging from $1.5 million to $3 million.
How do I protect myself from WalletConnect Abuse?
Verify domain authenticity, use two-factor authentication, and employ hardware wallets for added security against phishing attacks.
What should I do if I'm a victim of WalletConnect Abuse?
Report the incident to your wallet provider, change passwords immediately, and contact local authorities or a cybersecurity expert for assistance.
Data sourced from PhishDestroy threat intelligence database — 1,669 domains tracked for this threat type
Wallet Connect Abuse — Threat Intelligence Protocol Abuse Active Threat
1,669
Domains
246
Alive
1,398
Taken Down
6.9
Avg VT
14.7%
Alive Rate
92.8%
Detected
Since Mar 2024 876 domains with VT ≥ 5
WalletConnect Abuse 1,669 domains
xp-steth.com
16 VTLive1inch
xp-stether.com
16 VTLive1inch
yieldusd.org
16 VTTaken Downaave
aavdefi.top
15 VTAave
airdrop-walletconnect.pages.dev
15 VTLiveWalletConnect
airdrop-wlfi.org
15 VTTaken Downbinance
allocations-yieldbasis.xyz
15 VTTaken Down
aml.riskcheck.info
15 VTTaken DownAML Scam
app-renzoprotocol.network
15 VTTaken DownWalletConnect
aureumcapitall.com
15 VTTaken DownWalletConnect
authereumportal.com
15 VTTaken Down
avax-airdrop.click
15 VTTaken DownAvalanche
berlinsystem.cfd
15 VTTaken DownWalletConnect
chalngpt-pad.net
15 VTTaken DownWalletConnect
claim-camphaven.org
15 VTTaken DownAave
claim-tectum.org
15 VTTaken Downdiscord
claim-walrus.app
15 VTLive
claims-snortertoken.com
15 VTTaken Downdextools
debridge-foundation.app
15 VTLivedebridge
dextool.netlify.app
15 VTTaken DownWalletConnect
ebemevm.live
15 VTTaken Down
eth-trust.org
15 VTTaken DownWalletConnect
everythinghere.co.za
15 VTTaken Down
flyingtulip.finance
15 VTTaken Down
folksdrop.xyz
15 VTTaken Down
gain-nanoeth.com
15 VTTaken DownWalletConnect
hydr.live
15 VTTaken DownWalletConnect
ink-wrapped.com
15 VTTaken Downdiscord
lineabuildscheck.com
15 VTLiveLinea
lineachecklive.xyz
15 VTLiveLinea
mask-reward.app
15 VTLiveacross
monadxdevelop.xyz
15 VTTaken DownMonad
noox.fi
15 VTTaken DownWalletConnect
nooxdao.top
15 VTTaken DownWalletConnect
nooxnft.app
15 VTTaken DownWalletConnect
ozak.claims
15 VTTaken Downacross
plasmagetclaim.xyz
15 VTTaken DownWalletConnect
register-dein.com
15 VTTaken Down
reward-pcpe.com
15 VTTaken DownWalletConnect
rpc2-uni.com
15 VTLiveaave
solanaincinerator.pro
15 VTLiveSolana
stlink.world
15 VTLivechainlink
swapbytes.net
15 VTTaken DownWalletConnect
undefichain.com
15 VTTaken Downaave
update-lido.net
15 VTLiveLido
web3.pancake.run
15 VTTaken DownPancakeSwap
wlfllibertyfinancial.com
15 VTTaken DownWorld Liberty Financial
www.asterdex-testnet.com
15 VTTaken Downdiscord
www.nexus-dex.web.id
15 VTTaken Down
yieldusd-app.com
15 VTTaken DownWalletConnect
zorabridge.app
15 VTTaken DownZora
0rigiindefi.world
14 VTTaken Down
amlcheck.in
14 VTTaken DownTrust Wallet
app-bittensor.com
14 VTTaken DownTensor
asterdex.com-stake.id
14 VTTaken Downbase
asterdexallocation.com
14 VTTaken Downdiscord
bafybeibtcfgrhknlfhnz2c5cddfnsoje4dumrc3wsyoikx2pwuf6fbcsr4.ipfs.dweb.link
14 VTTaken DownMetaMask
bituniswap.com
14 VTTaken DownUniswap
bnb-38.cc
14 VTTaken DownWalletConnect
bounce-bit.us
14 VTTaken DownWalletConnect
bridge.pulsechlan.com
14 VTTaken DownPulsechain
calvins-tradehub.com
14 VTTaken Down
checker-youmio.org
14 VTTaken DownWalletConnect
claim.monadairdop.xyz
14 VTLivemonad
dappslink.com
14 VTTaken Down
dogsairdrop.live
14 VTTaken Downcoinbase
drop-brevis.network
14 VTTaken DownAirdrop Scam
eligibility-xpl.xyz
14 VTTaken Down
i1nch-com.pages.dev
14 VTTaken Down1inch
ifumbled.xyz
14 VTTaken DownWalletConnect
lasttest.elysium-drainer.world
14 VTTaken DownAML Scam
layer3-chain.xyz
14 VTTaken DownPolygon
lhyperfndl.com
14 VTLiveHyperliquid
lineabuildcheck.com
14 VTLiveLinea
lineagetclaim.xyz
14 VTLiveLinea
logixa.ae
14 VTTaken Down
mantra-dex.org
14 VTTaken DownWalletConnect
megaeth-refund.xyz
14 VTTaken DownWalletConnect
monadmm.xyz
14 VTTaken DownMonad
motdrop.xyz
14 VTLiveacross
nft-luckybox-05.vercel.app
14 VTTaken DownOpenSea
nmwvd.cc
14 VTTaken DownWalletConnect
nooxdao.fun
14 VTTaken Down
nooxdao.net
14 VTTaken Down
nooxhub.pro
14 VTTaken DownWalletConnect
obtain-blaze.net
14 VTLiveacross
opensea-foundatlon.xyz
14 VTTaken DownOpenSea
oxproeliptic-server.firebaseapp.com
14 VTLiveacross
paxosgift.com
14 VTTaken Down
peth.live
14 VTTaken DownEthereum
plasmachecks.xyz
14 VTTaken Down
plasmareward.com
14 VTTaken Down
refund-kiln.com
14 VTTaken DownWalletConnect
reward-etc.org
14 VTTaken DownWalletConnect
sdhweyhashkey.top
14 VTTaken Down
swapx-fi.app
14 VTTaken Down
techlayer3.com
14 VTTaken DownPolygon
unisockshub.com
14 VTTaken DownWalletConnect
uniwerap.com
14 VTTaken DownWalletConnect
wallet-keyless-bybit.com
14 VTLiveBybit
« Prev 1 2 3 4 5 Next » Page 2 of 17