# fix-edfloat.com — MALICIOUS > PhishDestroy identifies fix-edfloat.com as an active crypto drainer impersonating Float Protocol, flagged by 5/95 VirusTotal vendors. ## Summary PhishDestroy classifies fix-edfloat.com as an elevated-risk crypto drainer impersonating Float Protocol, a decentralized stablecoin protocol operating on Ethereum. The domain employs classic phishing tactics to deceive users into connecting wallets or transferring assets, specifically targeting those familiar with Float Protocol’s ecosystem. Given its active status and multiple red flags, this domain poses a significant threat to cryptocurrency users and requires immediate attention from security teams and end-users alike. This domain was flagged by 5 out of 95 VirusTotal security vendors, indicating emerging but not yet widespread recognition of its malicious nature. The domain resolves to IP address 130.12.180.128 and is registered through DYNADOT LLC, a domain registrar known for both legitimate and malicious use cases. The SSL certificate, issued by Let’s Encrypt, adds a veneer of legitimacy, though it does not validate the domain’s trustworthiness. Notably, the domain was created on March 26, 2026, suggesting a very recent deployment aimed at capitalizing on current trends or events in the cryptocurrency space. Despite its newness, the low VirusTotal detection rate highlights the challenge of early-stage phishing detection, particularly for niche or emerging protocols like Float Protocol. To mitigate the risk posed by fix-edfloat.com, organizations and individuals should immediately block the domain and its associated IP address (130.12.180.128) at the network and endpoint levels. Security teams should update firewall rules, DNS sinkholes, and proxy filters to prevent outbound connections to this domain. Users should be warned against interacting with any links or advertisements promoting Float Protocol, especially those received via unsolicited emails, social media, or messaging platforms. Additionally, cryptocurrency wallet users should verify the authenticity of websites and smart contracts before authorizing transactions, using tools like Etherscan or reputable blockchain explorers to confirm contract addresses. For Float Protocol specifically, users should rely on official communication channels (e.g., the protocol’s verified Twitter account or Discord server) to confirm legitimate updates or campaigns. Proactive threat intelligence sharing within the cryptocurrency community can further reduce the window of opportunity for such attacks to succeed. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-26 13:37:19 - Registrar: DYNADOT LLC - IP: 130.12.180.128 ## Detection Status - VirusTotal: 5 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/52a3da1e-82b0-4865-bcf3-3af4872ce66b - PhishDestroy: https://phishdestroy.io/domain/fix-edfloat.com/ - LLM endpoint: https://phishdestroy.io/domain/fix-edfloat.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/fix-edfloat.com/ Last updated: 2026-04-14