# ledgerwallet.com.cn — MALICIOUS > Urgent warning: ledgerwallet.com.cn is a crypto drainer impersonating Ledger. Flagged by 16 of 95 VirusTotal vendors. Verify safety on PhishDestroy immediately. ## Summary PhishDestroy identifies ledgerwallet.com.cn as an active crypto drainer campaign engaged in brand impersonation of Ledger. This domain is currently live and poses an elevated risk to users interacting with it. The campaign leverages social engineering tactics to deceive visitors into connecting crypto wallets or entering seed phrases, resulting in direct fund theft. This domain was flagged by 16 of 95 VirusTotal security vendors, indicating a strong consensus on its malicious nature. It was registered on April 01, 2025, through 邦宁数字技术股份有限公司 (an Asia-based registrar). The domain resolves to IP address 207.148.34.163 and uses a Let's Encrypt SSL certificate to appear legitimate. Despite having only 16 VirusTotal detections, its creation date and impersonation strategy raise the risk level. No trust scores or blocklists are publicly documented, but the combination of recent registration, impersonation of a well-known crypto brand, and multiple VirusTotal detections strongly suggest active malicious use. Ledger users and cryptocurrency holders should treat ledgerwallet.com.cn as actively hostile. This domain is not affiliated with Ledger SAS. Users are advised to verify any domain claiming to represent Ledger using PhishDestroy’s blocklist before interacting. Never enter seed phrases, private keys, or wallet passwords on unfamiliar domains. Do not connect hardware wallets or software to untrusted URLs. Report this domain to security teams and blocklist services. Only use official Ledger websites (ledger.com or ledger-live.com) and verified app stores for software updates and services. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registered: 2025-04-01 20:54:06 - Registrar: 邦宁数字技术股份有限公司 - IP: 207.148.34.163 ## Detection Status - VirusTotal: 16 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/e7fb419f-9203-4c25-b2a2-1812abcecced - PhishDestroy: https://phishdestroy.io/domain/ledgerwallet.com.cn/ - LLM endpoint: https://phishdestroy.io/domain/ledgerwallet.com.cn/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ledgerwallet.com.cn/ Last updated: 2026-03-31