# kraken16at.vip — MALICIOUS > PhishDestroy identifies kraken16at.vip as a live crypto-drainer page impersonating Kraken; 9/95 VirusTotal detections since domain creation April 04, 2025. ## Summary PhishDestroy has detected kraken16at.vip, a malicious site currently luring users with a fake Kraken-branded page designed to drain cryptocurrency wallets. When victims connect their wallet to interact with the fraudulent “kraken16.at” interface, the page silently approves malicious token-transfer permissions. Funds are then siphoned to attacker-controlled addresses without further prompts, leaving victims with drained balances and no recovery path. The domain uses HTTPS via Google Trust Services to appear legitimate, but the underlying code contains multiple obfuscated drainer scripts that exfiltrate private keys and transaction approvals in real time. This domain was flagged by PhishDestroy after 9 out of 95 leading security vendors on VirusTotal marked it as malicious. Public records show kraken16at.vip was registered on April 04, 2025 through NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to IP address 172.67.197.86. The impersonation is evident from the page title “kraken16.at” shown in browser tabs, leveraging the trusted Kraken brand to lower user suspicion and increase click-through rates from phishing lures such as fake airdrop announcements or support scams. If you visited kraken16at.vip, immediately disconnect your wallet from the site by revoking all token approvals through your wallet interface or via reputable revocation tools like revoke.cash. Do not approve any additional transaction requests. Scan your device with updated antivirus and consider transferring remaining funds to a new, clean wallet. Report the domain to PhishDestroy and your wallet provider to help block future attacks. Never reuse wallet credentials or seed phrases and always verify URLs via official Kraken channels before any interaction. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Kraken - Page title: kraken16.at ## Domain Intelligence - Registered: 2025-04-04 16:51:18 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 172.67.197.86 ## Detection Status - VirusTotal: 9 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/885f931b-127f-4a7e-8128-908925f5202d - PhishDestroy: https://phishdestroy.io/domain/kraken16at.vip/ - LLM endpoint: https://phishdestroy.io/domain/kraken16at.vip/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/kraken16at.vip/ Last updated: 2026-03-25