# coinbase-connect.openlayer.tech — SUSPICIOUS

> coinbase-connect.openlayer.tech is a Coinbase-impersonating crypto drainer. PhishDestroy flags it with 0/95 VirusTotal detections registered via NameCheap on.

## Summary

coinbase-connect.openlayer.tech has been confirmed as an active crypto drainer masquerading as Coinbase. The domain leverages brand impersonation to deceive users into connecting cryptocurrency wallets, resulting in unauthorized fund transfers. Security analysis confirms the site is engineered to drain digital assets under the guise of legitimate Coinbase connectivity tools. Users are advised to treat this domain as a high-risk threat to their crypto holdings and personal data.

PhishDestroy identifies that coinbase-connect.openlayer.tech resolves to IP 104.21.47.94 and is registered through NameCheap, Inc. The domain’s SSL certificate is issued by Google Trust Services, which does not imply legitimacy for this use case. As of the latest scan, VirusTotal shows 0 detections out of 95 engines (0/95), indicating low detection coverage despite clear malicious intent. The domain was created on March 14, 2024, and currently operates without inclusion on major threat intelligence blocklists, increasing exposure risk for unwary users. This absence of detection highlights the need for proactive, reputation-based evaluation rather than reliance solely on traditional AV engines.

Mitigation for this specific threat involves immediate wallet disconnection from any site accessed via this domain. Never connect wallets or enter credentials on coinbase-connect.openlayer.tech, as it is designed to intercept private keys, seed phrases, or transaction approvals. Users should verify domain legitimacy by comparing it directly to official Coinbase endpoints (coinbase.com) and use tools like PhishDestroy to cross-check suspicious URLs in real time. Consider revoking connected app permissions on your wallet and scan all devices for malware if interaction occurred. Always use hardware wallets for high-value assets and enable transaction confirmation prompts to detect unauthorized transfers early. Report this domain immediately to your wallet provider, security teams, and PhishDestroy to aid in rapid deactivation and community protection.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Coinbase

## Domain Intelligence

- Registered: 2024-03-14 03:27:25
- Registrar: NameCheap, Inc.
- IP: 104.21.47.94

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/coinbase-connect.openlayer.tech
- PhishDestroy: https://phishdestroy.io/domain/coinbase-connect.openlayer.tech/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-connect.openlayer.tech/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-connect.openlayer.tech/

Last updated: 2026-04-05