Search our database of flagged domains. Check if a website is a scam, phishing, or legitimate.

0
Total Tracked
0
Detected
0
Content Alive
0
Content Dead
0
VT Pending
WalletConnect Abuse
HIGH THREAT

Understanding and Combating WalletConnect Abuse

WalletConnect Abuse represents a significant threat, with 1,667 domains detected and 555 currently active. PhishDestroy has identified top TLDs including .com, .app, and .xyz, and leading registrars such as NICENIC INTERNATIONAL GROUP CO., LIMITED.

1,672
Domains Detected
HIGH
Threat Level

How This Attack Works

WalletConnect Abuse involves deceptive tactics to exploit users of cryptocurrency platforms. Understanding these steps can help in prevention.

STEP 1
Creation of Fake Domains
Attackers create fake domains that mimic legitimate cryptocurrency platforms to lure victims.
STEP 2
Deployment of Phishing Pages
Phishing pages are set up on these domains to capture user credentials and wallet information.
STEP 3
Execution of Malicious Code
JavaScript and other scripting languages are used to execute malicious code that intercepts user data.
STEP 4
Unauthorized Transactions
Stolen credentials are used to authorize transactions, draining victims’ wallets.

Technical Analysis

WalletConnect Abuse often involves the creation of phishing sites that mimic popular cryptocurrency service providers. Attackers use sophisticated scripts to manipulate the WalletConnect protocol, intercepting the authentication process. This includes the use of JavaScript to capture private keys and signatures when users attempt to connect their wallets. Infrastructure-wise, attackers frequently utilize content delivery networks like Cloudflare to host phishing sites, taking advantage of high availability and speed. Additionally, smart contracts are sometimes manipulated to automatically approve transactions that transfer funds to the attacker’s address without the victim's explicit consent.

Real Cases

The Opensea Phishing Incident (2024)
$2 million stolen
A phishing campaign targeting Opensea users resulted in significant financial losses and credential theft.
Vercel App Scam (2023)
$1.5 million stolen
Attackers used fake Vercel app domains to trick users into revealing wallet information, leading to unauthorized access.
Marketplace-Art Fraud (2024)
$3 million stolen
Fraudulent marketplace-art domains were used to deceive users into connecting their wallets, resulting in asset theft.

How to Detect

Unfamiliar domain names mimicking legitimate services
Requests for private keys or seed phrases
Unexpected transaction requests
Poor website design or misspellings
Limited or no HTTPS security

How to Protect Yourself

1 Always verify domain authenticity
2 Enable two-factor authentication
3 Use hardware wallets for transactions
4 Regularly update security software
5 Educate yourself on common phishing tactics

Frequently Asked Questions

What is WalletConnect Abuse?
WalletConnect Abuse involves exploiting the WalletConnect protocol to trick users into revealing their cryptocurrency wallet credentials through phishing tactics.
How much money has been stolen through WalletConnect Abuse?
To date, WalletConnect Abuse has resulted in millions of dollars in losses, with specific incidents causing damages ranging from $1.5 million to $3 million.
How do I protect myself from WalletConnect Abuse?
Verify domain authenticity, use two-factor authentication, and employ hardware wallets for added security against phishing attacks.
What should I do if I'm a victim of WalletConnect Abuse?
Report the incident to your wallet provider, change passwords immediately, and contact local authorities or a cybersecurity expert for assistance.
Data sourced from PhishDestroy threat intelligence database — 1,672 domains tracked for this threat type
Wallet Connect Abuse — Threat Intelligence Protocol Abuse Active Threat
1,672
Domains
269
Alive
1,331
Taken Down
6.9
Avg VT
16.1%
Alive Rate
93.1%
Detected
Since Mar 2024 882 domains with VT ≥ 5
WalletConnect Abuse 1,672 domains
Screenshot of airdrop-wlfi.org
airdrop-wlfi.org
15 VTUnknownbinance
Screenshot of airdrop-wlfi.org
airdrop-wlfi.org
Screenshot of allocations-yieldbasis.xyz
allocations-yieldbasis.xyz
15 VTUnknown
Screenshot of allocations-yieldbasis.xyz
allocations-yieldbasis.xyz
Screenshot of aml.riskcheck.info
aml.riskcheck.info
15 VTUnknownAML Scam
Screenshot of aml.riskcheck.info
aml.riskcheck.info
Screenshot of app-renzoprotocol.network
app-renzoprotocol.network
15 VTUnknowndiscord
Screenshot of app-renzoprotocol.network
app-renzoprotocol.network
Screenshot of aureumcapitall.com
aureumcapitall.com
15 VTUnknowndiscord
Screenshot of aureumcapitall.com
aureumcapitall.com
Screenshot of authereumportal.com
authereumportal.com
15 VTUnknown
Screenshot of authereumportal.com
authereumportal.com
Screenshot of avax-airdrop.click
avax-airdrop.click
15 VTUnknownAvalanche
Screenshot of avax-airdrop.click
avax-airdrop.click
Screenshot of award-yieldusd.net
award-yieldusd.net
15 VTUnknownaave
Screenshot of award-yieldusd.net
award-yieldusd.net
Screenshot of berlinsystem.cfd
berlinsystem.cfd
15 VTUnknownWalletConnect
Screenshot of berlinsystem.cfd
berlinsystem.cfd
Screenshot of claim-camphaven.org
claim-camphaven.org
15 VTCF Banneddiscord
Screenshot of claim-camphaven.org
claim-camphaven.org
Screenshot of claim-tectum.org
claim-tectum.org
15 VTUnknowndiscord
Screenshot of claim-tectum.org
claim-tectum.org
Screenshot of claim-walrus.app
claim-walrus.app
15 VTUnknown
Screenshot of claim-walrus.app
claim-walrus.app
Screenshot of claims-snortertoken.com
claims-snortertoken.com
15 VTUnknowndextools
Screenshot of claims-snortertoken.com
claims-snortertoken.com
Screenshot of debridge-foundation.app
debridge-foundation.app
15 VTUnknowndebridge
Screenshot of debridge-foundation.app
debridge-foundation.app
Screenshot of dextool.netlify.app
dextool.netlify.app
15 VTUnknownWalletConnect
Screenshot of dextool.netlify.app
dextool.netlify.app
Screenshot of ebemevm.live
ebemevm.live
15 VTUnknown
Screenshot of ebemevm.live
ebemevm.live
Screenshot of eth-trust.org
eth-trust.org
15 VTUnknownWalletConnect
Screenshot of eth-trust.org
eth-trust.org
Screenshot of everythinghere.co.za
everythinghere.co.za
15 VTUnknown
Screenshot of everythinghere.co.za
everythinghere.co.za
Screenshot of flyingtulip.finance
flyingtulip.finance
15 VTUnknown
Screenshot of flyingtulip.finance
flyingtulip.finance
Screenshot of folksdrop.xyz
folksdrop.xyz
15 VTUnknown
Screenshot of folksdrop.xyz
folksdrop.xyz
Screenshot of gain-nanoeth.com
gain-nanoeth.com
15 VTUnknownacross
Screenshot of gain-nanoeth.com
gain-nanoeth.com
Screenshot of hydr.live
hydr.live
15 VTUnknownacross
Screenshot of hydr.live
hydr.live
Screenshot of ink-wrapped.com
ink-wrapped.com
15 VTUnknowndiscord
Screenshot of ink-wrapped.com
ink-wrapped.com
Screenshot of lineabuildscheck.com
lineabuildscheck.com
15 VTUnknownLinea
Screenshot of lineabuildscheck.com
lineabuildscheck.com
Screenshot of lineachecklive.xyz
lineachecklive.xyz
15 VTUnknownLinea
Screenshot of lineachecklive.xyz
lineachecklive.xyz
Screenshot of mask-reward.app
mask-reward.app
15 VTUnknownacross
Screenshot of mask-reward.app
mask-reward.app
Screenshot of monadxdevelop.xyz
monadxdevelop.xyz
15 VTUnknowndiscord
Screenshot of monadxdevelop.xyz
monadxdevelop.xyz
Screenshot of noox.fi
noox.fi
15 VTUnknownWalletConnect
Screenshot of noox.fi
noox.fi
Screenshot of nooxdao.top
nooxdao.top
15 VTUnknownWalletConnect
Screenshot of nooxdao.top
nooxdao.top
Screenshot of nooxnft.app
nooxnft.app
15 VTUnknownWalletConnect
Screenshot of nooxnft.app
nooxnft.app
Screenshot of ozak.claims
ozak.claims
15 VTUnknownacross
Screenshot of ozak.claims
ozak.claims
Screenshot of plasmagetclaim.xyz
plasmagetclaim.xyz
15 VTUnknownethereum
Screenshot of plasmagetclaim.xyz
plasmagetclaim.xyz
Screenshot of polyoptions.xyz
polyoptions.xyz
15 VTUnknownapple
Screenshot of polyoptions.xyz
polyoptions.xyz
Screenshot of register-dein.com
register-dein.com
15 VTUnknown
Screenshot of register-dein.com
register-dein.com
Screenshot of reward-pcpe.com
reward-pcpe.com
15 VTUnknowncoingecko
Screenshot of reward-pcpe.com
reward-pcpe.com
Screenshot of rpc2-uni.com
rpc2-uni.com
15 VTUnknownaave
Screenshot of rpc2-uni.com
rpc2-uni.com
Screenshot of solanaincinerator.pro
solanaincinerator.pro
15 VTUnknownSolana
Screenshot of solanaincinerator.pro
solanaincinerator.pro
Screenshot of stlink.world
stlink.world
15 VTUnknownchainlink
Screenshot of stlink.world
stlink.world
Screenshot of swapbytes.net
swapbytes.net
15 VTUnknownWalletConnect
Screenshot of swapbytes.net
swapbytes.net
Screenshot of undefichain.com
undefichain.com
15 VTUnknownaave
Screenshot of undefichain.com
undefichain.com
Screenshot of update-lido.net
update-lido.net
15 VTUnknownLido
Screenshot of update-lido.net
update-lido.net
Screenshot of walletconnect.one
walletconnect.one
15 VTUnknownWalletConnect
Screenshot of walletconnect.one
walletconnect.one
Screenshot of web3.pancake.run
web3.pancake.run
15 VTUnknownPancakeSwap
Screenshot of web3.pancake.run
web3.pancake.run
Screenshot of wlfllibertyfinancial.com
wlfllibertyfinancial.com
15 VTUnknownWorld Liberty Financial
Screenshot of wlfllibertyfinancial.com
wlfllibertyfinancial.com
Screenshot of www.asterdex-testnet.com
www.asterdex-testnet.com
15 VTUnknowndiscord
Screenshot of www.asterdex-testnet.com
www.asterdex-testnet.com
Screenshot of www.nexus-dex.web.id
www.nexus-dex.web.id
15 VTUnknown
Screenshot of www.nexus-dex.web.id
www.nexus-dex.web.id
Screenshot of yieldusd-app.com
yieldusd-app.com
15 VTUnknownaave
Screenshot of yieldusd-app.com
yieldusd-app.com
Screenshot of zorabridge.app
zorabridge.app
15 VTUnknownZora
Screenshot of zorabridge.app
zorabridge.app
Screenshot of 0rigiindefi.world
0rigiindefi.world
14 VTUnknown
Screenshot of 0rigiindefi.world
0rigiindefi.world
Screenshot of 10bnb.cfd
10bnb.cfd
14 VTUnknownbase
Screenshot of 10bnb.cfd
10bnb.cfd
Screenshot of amlcheck.in
amlcheck.in
14 VTUnknowntrustwallet
Screenshot of amlcheck.in
amlcheck.in
Screenshot of app-bittensor.com
app-bittensor.com
14 VTUnknownTensor
Screenshot of app-bittensor.com
app-bittensor.com
Screenshot of asterdex.com-stake.id
asterdex.com-stake.id
14 VTUnknownbase
Screenshot of asterdex.com-stake.id
asterdex.com-stake.id
Screenshot of asterdexallocation.com
asterdexallocation.com
14 VTUnknowndiscord
Screenshot of asterdexallocation.com
asterdexallocation.com
Screenshot of bafybeibtcfgrhknlfhnz2c5cddfnsoje4dumrc3wsyoikx2pwuf6fbcsr4.ipfs.dweb.link
bafybeibtcfgrhknlfhnz2c5cddfnsoje4dumrc3wsyoikx2pwuf6fbcsr4.ipfs.dweb.link
14 VTUnknownMetaMask
Screenshot of bafybeibtcfgrhknlfhnz2c5cddfnsoje4dumrc3wsyoikx2pwuf6fbcsr4.ipfs.dweb.link
bafybeibtcfgrhknlfhnz2c5cddfnsoje4dumrc3wsyoikx2pwuf6fbcsr4.ipfs.dweb.link
Screenshot of bituniswap.com
bituniswap.com
14 VTUnknownUniswap
Screenshot of bituniswap.com
bituniswap.com
Screenshot of bnb-38.cc
bnb-38.cc
14 VTUnknownWalletConnect
Screenshot of bnb-38.cc
bnb-38.cc
Screenshot of bridge.pulsechlan.com
bridge.pulsechlan.com
14 VTUnknownPulsechain
Screenshot of bridge.pulsechlan.com
bridge.pulsechlan.com
Screenshot of checker-youmio.org
checker-youmio.org
14 VTUnknownWalletConnect
Screenshot of checker-youmio.org
checker-youmio.org
Screenshot of claim.monadairdop.xyz
claim.monadairdop.xyz
14 VTUnknownmonad
Screenshot of claim.monadairdop.xyz
claim.monadairdop.xyz
Screenshot of dappslink.com
dappslink.com
14 VTUnknown
Screenshot of dappslink.com
dappslink.com
Screenshot of dogsairdrop.live
dogsairdrop.live
14 VTUnknowncoinbase
Screenshot of dogsairdrop.live
dogsairdrop.live
Screenshot of drop-brevis.network
drop-brevis.network
14 VTUnknownAirdrop Scam
Screenshot of drop-brevis.network
drop-brevis.network
Screenshot of i1nch-com.pages.dev
i1nch-com.pages.dev
14 VTLive1inch
Screenshot of i1nch-com.pages.dev
i1nch-com.pages.dev
Screenshot of ifumbled.xyz
ifumbled.xyz
14 VTUnknownbnb chain
Screenshot of ifumbled.xyz
ifumbled.xyz
Screenshot of lasttest.elysium-drainer.world
lasttest.elysium-drainer.world
14 VTLiveAML Scam
Screenshot of lasttest.elysium-drainer.world
lasttest.elysium-drainer.world
lhyperfndl.com
14 VTUnknownHyperliquid
Screenshot of lineabuildcheck.com
lineabuildcheck.com
14 VTUnknownLinea
Screenshot of lineabuildcheck.com
lineabuildcheck.com
Screenshot of lineagetclaim.xyz
lineagetclaim.xyz
14 VTUnknownLinea
Screenshot of lineagetclaim.xyz
lineagetclaim.xyz
Screenshot of logixa.ae
logixa.ae
14 VTUnknown
Screenshot of logixa.ae
logixa.ae
Screenshot of mantra-dex.org
mantra-dex.org
14 VTUnknownWalletConnect
Screenshot of mantra-dex.org
mantra-dex.org
Screenshot of megaeth-refund.xyz
megaeth-refund.xyz
14 VTUnknownWalletConnect
Screenshot of megaeth-refund.xyz
megaeth-refund.xyz
Screenshot of monadmm.xyz
monadmm.xyz
14 VTUnknownMonad
Screenshot of monadmm.xyz
monadmm.xyz
Screenshot of motdrop.xyz
motdrop.xyz
14 VTUnknownacross
Screenshot of motdrop.xyz
motdrop.xyz
Screenshot of nft-luckybox-05.vercel.app
nft-luckybox-05.vercel.app
14 VTUnknownOpenSea
Screenshot of nft-luckybox-05.vercel.app
nft-luckybox-05.vercel.app
Screenshot of nmwvd.cc
nmwvd.cc
14 VTUnknownWalletConnect
Screenshot of nmwvd.cc
nmwvd.cc
Screenshot of nooxdao.fun
nooxdao.fun
14 VTUnknownethereum
Screenshot of nooxdao.fun
nooxdao.fun
Screenshot of nooxdao.net
nooxdao.net
14 VTUnknown
Screenshot of nooxdao.net
nooxdao.net
Screenshot of nooxhub.pro
nooxhub.pro
14 VTUnknownWalletConnect
Screenshot of nooxhub.pro
nooxhub.pro
Screenshot of obtain-blaze.net
obtain-blaze.net
14 VTUnknownacross
Screenshot of obtain-blaze.net
obtain-blaze.net
Screenshot of opensea-foundatlon.xyz
opensea-foundatlon.xyz
14 VTUnknownOpenSea
Screenshot of opensea-foundatlon.xyz
opensea-foundatlon.xyz
Screenshot of originyield.com
originyield.com
14 VTUnknownaave
Screenshot of originyield.com
originyield.com
Screenshot of oxproeliptic-server.firebaseapp.com
oxproeliptic-server.firebaseapp.com
14 VTLiveacross
Screenshot of oxproeliptic-server.firebaseapp.com
oxproeliptic-server.firebaseapp.com
Screenshot of pepe-gain.net
pepe-gain.net
14 VTLivecoingecko
Screenshot of pepe-gain.net
pepe-gain.net
Screenshot of peth.live
peth.live
14 VTUnknownEthereum
Screenshot of peth.live
peth.live
Screenshot of plasmachecks.xyz
plasmachecks.xyz
14 VTUnknownbitfinex
Screenshot of plasmachecks.xyz
plasmachecks.xyz
Screenshot of plasmareward.com
plasmareward.com
14 VTUnknownbitfinex
Screenshot of plasmareward.com
plasmareward.com
Screenshot of refund-kiln.com
refund-kiln.com
14 VTUnknownacross
Screenshot of refund-kiln.com
refund-kiln.com
Screenshot of reward-etc.org
reward-etc.org
14 VTLiveaave
Screenshot of reward-etc.org
reward-etc.org
Screenshot of sdhweyhashkey.top
sdhweyhashkey.top
14 VTUnknown
Screenshot of sdhweyhashkey.top
sdhweyhashkey.top
Screenshot of swapx-fi.app
swapx-fi.app
14 VTLiveethereum
Screenshot of swapx-fi.app
swapx-fi.app
techlayer3.com
14 VTCF Bannedethereum
Screenshot of thor-chain.net
thor-chain.net
14 VTLiveavalanche
Screenshot of thor-chain.net
thor-chain.net
Screenshot of unisockshub.com
unisockshub.com
14 VTUnknownWalletConnect
Screenshot of unisockshub.com
unisockshub.com
Screenshot of uniwerap.com
uniwerap.com
14 VTUnknown1inch
Screenshot of uniwerap.com
uniwerap.com
Screenshot of wallet-keyless-bybit.com
wallet-keyless-bybit.com
14 VTUnknownBybit
Screenshot of wallet-keyless-bybit.com
wallet-keyless-bybit.com
Screenshot of wallet-pay.cc
wallet-pay.cc
14 VTUnknowntrust wallet
Screenshot of wallet-pay.cc
wallet-pay.cc
Screenshot of web.bp-nxpr.com
web.bp-nxpr.com
14 VTUnknown
Screenshot of web.bp-nxpr.com
web.bp-nxpr.com
Screenshot of wlficlaim.com
wlficlaim.com
14 VTUnknownbinance
Screenshot of wlficlaim.com
wlficlaim.com
Screenshot of wlflibertysfinancial.com
wlflibertysfinancial.com
14 VTUnknownbinance
Screenshot of wlflibertysfinancial.com
wlflibertysfinancial.com
« Prev 1 2 3 4 5 Next » Page 2 of 17