# dydx-exchange.pages.dev — MALICIOUS

> dydx-exchange.pages.dev mimics dYdX to steal crypto via a phishing site that Google Safe Browsing and 12/95 VirusTotal engines flag.

## Summary
PhishDestroy identifies dydx-exchange.pages.dev as an active brand impersonation phishing site targeting dYdX users. This domain employs a deceptive subdomain and visual clones of the legitimate dYdX platform to trick visitors into connecting crypto wallets and authorizing fraudulent transactions. The page operates as a drainer kit, harvesting private keys, wallet signatures, and token approvals to siphon funds without user awareness. Registrant leverage Cloudflare’s infrastructure to obfuscate origin while presenting a fraudulent SSL certificate issued by Google Trust Services, increasing credibility among non-technical victims.  This domain was flagged on four independent security blocklists and received a 12/95 detection score on VirusTotal, indicating partial but significant coverage by security vendors. It resolves to IP 172.66.46.230 and was registered through Cloudflare, Inc. Google Safe Browsing lists it under SOCIAL_ENGINEERING, confirming malicious intent to deceive users via impersonation. The page capitalizes on dYdX’s brand recognition and leverages Pages.dev to host a spoofed replica, exploiting trust in the legitimate platform’s domain structure.  The site remains active despite blocks from SEAL, Enkrypt, MetaMask, and ScamSniffer, showing resilience through provider rotation and CDN use. Immediate takedown is advised via Cloudflare abuse channels and domain registrar intervention. Users should avoid visiting the domain, remove any saved links or bookmarks, and report the URL to their wallet providers and security platforms. Remaining risk is high due to continuous evasion tactics and the absence of full vendor coverage, necessitating ongoing monitoring and user education.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: dYdX

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.46.230

## Detection Status
- VirusTotal: 12 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 4 hits
  Lists: ["SEAL", "Enkrypt", "MetaMask", "ScamSniffer"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/212cf55b-cc02-410f-9b1a-7bbe26b4ce6d
- PhishDestroy: https://phishdestroy.io/domain/dydx-exchange.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/dydx-exchange.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/dydx-exchange.pages.dev/
Last updated: 2026-03-21