# hyperprotocol-claim.live — SUSPICIOUS > hyperprotocol-claim.live is a crypto drainer that steals digital assets via deceptive claims. Blocked by MetaMask, it was created March 28, 2026 and resolves. ## Summary PhishDestroy identifies hyperprotocol-claim.live as an active crypto_drainer domain that masquerades as a legitimate protocol-claim site to trick users into connecting their cryptocurrency wallets. Once a victim visits, the page prompts for wallet connection and, upon approval, silently drains tokens via malicious contract interactions without requiring additional signatures. This type of attack is commonly referred to as a phishing drainer and has surged in sophistication, often copying branding from real protocols to gain trust. The site leverages deceptive URLs containing terms like 'hyperprotocol' and 'claim' to appear official and time-sensitive, exploiting urgency and confusion to bypass user suspicion. This domain was flagged by 1 out of 95 VirusTotal security vendors, indicating low but significant detection variance due to evolving tactics. It was registered on March 28, 2026 through PDR Ltd. d/b/a PublicDomainRegistry.com, a common low-cost registrar used by transient malicious actors. The site also resolves to IP address 188.114.97.3, which hosts multiple malicious domains and is known for distributing cryptocurrency drainer scripts. Notably, the domain is blocked by MetaMask’s phishing detection system and the SEAL community blocklist, confirming malicious intent despite recent registration. If you visited hyperprotocol-claim.live and connected your wallet, immediately revoke any unauthorized permissions using a reputable revocation tool such as revoke.cash or similar. Disconnect the site from your wallet immediately and transfer any remaining assets to a new, secure wallet address. Enable hardware wallet protections and multi-factor authentication where possible. Avoid interacting with unsolicited links or claims promising token rewards, especially from newly registered domains. Always verify URLs manually and use tools like VirusTotal or browser safety extensions before entering any sensitive information. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-28 22:09:42 - Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com - IP: 188.114.97.3 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["MetaMask", "SEAL"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/hyperprotocol-claim.live - PhishDestroy: https://phishdestroy.io/domain/hyperprotocol-claim.live/ - LLM endpoint: https://phishdestroy.io/domain/hyperprotocol-claim.live/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/hyperprotocol-claim.live/ Last updated: 2026-04-07