# coinbasewallet.sbs — MALICIOUS > coinbasewallet.sbs is a crypto drainer impersonating Coinbase Wallet (VT 6/95). Verify on PhishDestroy before entering credentials. ## Summary PhishDestroy identifies coinbasewallet.sbs as an active cryptocurrency wallet drainer impersonating the Coinbase brand. The domain leverages brand trust to trick users into connecting malicious wallets or entering seed phrases. Security research shows this infrastructure is designed to siphon digital assets under the guise of a legitimate Coinbase service. The domain coinbasewallet.sbs resolves to IP address 216.198.79.1 and operates under a Let’s Encrypt SSL certificate. It was registered on April 08, 2026 through NICENIC INTERNATIONAL GROUP CO., LIMITED. VirusTotal analysis reveals that 6 out of 95 security vendors flag this domain as malicious. Despite its recent creation, this domain has already been detected by Google Safe Browsing (GSB) and has appeared on multiple threat intelligence blocklists, indicating emergent but confirmed malicious activity. As of this report, coinbasewallet.sbs remains active and unblocked by many browsers and security tools. PhishDestroy continues to monitor this domain and has flagged it with an elevated risk level due to its impersonation of a major financial brand and potential to facilitate crypto theft. Users are strongly advised to avoid visiting this domain, verify any Coinbase-related links using official sources, and use PhishDestroy’s real-time scanning to detect similar threats. The risk remains elevated as the domain is likely part of a broader campaign targeting cryptocurrency users. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Coinbase ## Domain Intelligence - Registered: 2026-04-08 06:21:54 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 216.198.79.1 ## Detection Status - VirusTotal: 6 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/coinbasewallet.sbs - PhishDestroy: https://phishdestroy.io/domain/coinbasewallet.sbs/ - LLM endpoint: https://phishdestroy.io/domain/coinbasewallet.sbs/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/coinbasewallet.sbs/ Last updated: 2026-04-08