# lbankdefi.com — SUSPICIOUS

> PhishDestroy identifies lbankdefi.com as a crypto drainer posing as a fake LBank DeFi platform. Registered Jan 09, 2025 via Gname.

## Summary

PhishDestroy's forensic analysis identifies lbankdefi.com as a cryptocurrency drainer domain actively distributing malicious scripts to steal digital assets from unsuspecting victims. The domain mimics legitimate decentralized finance (DeFi) platforms, specifically targeting users of LBank—a popular cryptocurrency exchange. This site employs a crypto drainer kit designed to intercept and divert transaction approvals to attacker-controlled wallets, a tactic commonly observed in sophisticated phishing operations targeting blockchain users. The infrastructure suggests a deliberate effort to exploit trust in established DeFi ecosystems.

This domain was flagged with a VirusTotal detection score of 0/95 at the time of analysis, indicating no immediate antivirus or security vendor recognition. It is registered through Gname.com Pte. Ltd. and resolves to IP address 172.67.222.36. The SSL certificate is issued by Google Trust Services, which may lend an initial appearance of legitimacy. The domain was created on January 09, 2025, making it a very recent addition to the threat landscape. At this stage, it remains unlisted on major blocklists including Google Safe Browsing (GSB), though its recent creation and zero detections suggest it is in an early operational phase. The combination of a fresh domain, absence of detection, and use of a credible SSL issuer reflects a potentially evolving threat requiring heightened monitoring.

As of current assessment, lbankdefi.com is classified under investigation with an active status, meaning it is currently operational and accessible. PhishDestroy recommends immediate blocking at the network and endpoint levels using the IP address 172.67.222.36 and domain lbankdefi.com. Users are strongly advised against visiting or interacting with this domain, especially those managing cryptocurrency wallets or engaging in DeFi transactions. While the immediate risk is elevated due to lack of blocklist coverage, the absence of detections may change rapidly as threat intelligence evolves. Continuous monitoring and proactive threat hunting are essential to mitigate potential financial loss. Security teams should integrate this domain into monitoring feeds and consider it a high-priority indicator of compromise (IOC) for blockchain-related security alerts.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-01-09 14:29:08
- Registrar: Gname.com Pte. Ltd.
- IP: 172.67.222.36

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/lbankdefi.com
- PhishDestroy: https://phishdestroy.io/domain/lbankdefi.com/
- LLM endpoint: https://phishdestroy.io/domain/lbankdefi.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/lbankdefi.com/

Last updated: 2026-04-06