# berachaintoken.info — SUSPICIOUS > PhishDestroy identifies berachaintoken.info as a brand-impersonation crypto drainer targeting OKX users, currently undetected by 95 VirusTotal engines. ## Summary PhishDestroy analysts have flagged berachaintoken.info as an active brand-impersonation site masquerading as the legitimate OKX cryptocurrency exchange. This domain leverages exact branding elements, including the OKX logo and user interface clones, to deceive visitors into connecting their wallets or entering credentials. Once connected, visitors risk asset drain via malicious smart-contract interactions or credential theft facilitated by counterfeit login portals integrated into the fake website. The infrastructure appears designed specifically to harvest high-value digital assets under the guise of OKX services, indicating a deliberate campaign against cryptocurrency traders or users familiar with the brand. This domain exhibits multiple suspicious technical indicators that warrant immediate attention. Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, the domain was created on March 17, 2024, using a recently issued SSL certificate from Let's Encrypt to project authenticity. Importantly, it currently evades detection by all 95 VirusTotal scanning engines with a perfect 0/95 detection ratio, highlighting the sophistication of the obfuscation technique employed. It resolves to IP address 188.114.96.3, a hosting environment previously observed hosting similar impersonation campaigns. While this specific infrastructure remains largely undocumented in public threat intelligence feeds, its rapid deployment and alignment with active cryptocurrency drainer toolkits strongly suggest an emerging threat vector. Users who have accessed this domain should assume exposure to credential theft or asset compromise and take immediate remediation steps. Disconnect any connected wallets from unknown or untrusted sites using tools like MetaMask or your wallet’s “connected sites” interface. Revoke any recently approved smart contract permissions via blockchain explorers such as Etherscan or BscScan using the “Revoked” tool. Change passwords and enable two-factor authentication (2FA) on all exchange accounts, especially OKX, if you entered credentials on this site. Monitor on-chain activity for unauthorized transfers and report suspicious transactions to your wallet provider or exchange support. Consider using hardware wallets for asset storage and avoid interacting with unsolicited links claiming affiliation with OKX or other major exchanges. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OKX ## Domain Intelligence - Registered: 2026-03-17 19:03:34 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/67e2c3c5-cded-4ba3-912b-42a1eeb508cd - PhishDestroy: https://phishdestroy.io/domain/berachaintoken.info/ - LLM endpoint: https://phishdestroy.io/domain/berachaintoken.info/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/berachaintoken.info/ Last updated: 2026-03-23