# dex-vote.xyz — SUSPICIOUS

> dex-vote.xyz hosts a crypto voting drainer kit, flagged by 0/95 AV engines. Learn how this active scam operates and check the full report.

## Summary

PhishDestroy identifies dex-vote.xyz as a live cryptocurrency voting drainer scam, currently under active investigation for targeting blockchain governance participants. The domain masquerades as a legitimate voting platform for decentralized autonomous organizations (DAOs) or governance proposals, luring victims with false claims of voting power or reward distribution. Security research suggests the use of a custom drainer kit designed to exfiltrate wallet credentials, seed phrases, and connected wallet assets—particularly on Ethereum and Solana ecosystems—via fraudulent transaction approval prompts. No specific brand or protocol is being impersonated at this time, indicating a broad, opportunistic campaign aimed at crypto-savvy users engaged in governance activities.

Technical indicators for dex-vote.xyz reveal a concerning lack of detection, with VirusTotal currently showing 0 out of 95 antivirus engines flagging the domain as malicious. The domain resolves to IP address 188.114.96.3 and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known to accommodate high volumes of short-lived domains. The domain was created on March 27, 2026, and secured a Let’s Encrypt SSL certificate, increasing its credibility to unsuspecting visitors. Notably, the domain has not yet been flagged by Google Safe Browsing (GSB) and remains absent from major threat intelligence blocklists, suggesting it is either extremely new or deliberately evasive in its operations.

As of this advisory, dex-vote.xyz remains active and poses an elevated risk to cryptocurrency users, particularly those active in governance forums or DAO ecosystems. Immediate defensive actions include blocking the domain at DNS and network levels, flagging the associated IP (188.114.96.3) in firewall rules, and updating SIEM signatures to detect outbound connections to this domain or IP. Users are strongly advised to avoid interacting with any unsolicited governance-related links, verify URLs through official channels, and ensure wallet software is updated with phishing protection features. While the current risk is high due to low detection rates and recent domain age, proactive monitoring and rapid response can mitigate potential compromise. Remaining risk is classified as 'under investigation' pending further behavioral analysis and sinkholing opportunities.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-27 07:26:51
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/153c3fc6-07a5-4b6f-8184-a83f6d821f50
- PhishDestroy: https://phishdestroy.io/domain/dex-vote.xyz/
- LLM endpoint: https://phishdestroy.io/domain/dex-vote.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/dex-vote.xyz/

Last updated: 2026-03-31