# okxwalletextension.com — SUSPICIOUS > okxwalletextension.com is a crypto drainer impersonating OKX. Flagged by 0 of 95 VirusTotal vendors. Verify legitimacy on PhishDestroy before interacting. ## Summary PhishDestroy identifies okxwalletextension.com as an active crypto drainer impersonating the OKX brand. This domain was registered on March 26, 2026, through Sav.com, LLC, and resolves to IP address 198.251.84.236. The domain currently operates with a Let's Encrypt SSL certificate and remains undetected by threat intelligence platforms, with 0 detections out of 95 VirusTotal vendors. As of investigation, no blocklist entries have been recorded, and trust scores remain unassessed due to its recent emergence. This domain mimics the official OKX wallet extension to deceive users into connecting malicious crypto-wallets or exposing sensitive credentials. The lack of detection indicates it is either newly deployed or employing sophisticated evasion techniques. Given its active status and the absence of protective flags, users interacting with this domain face an imminent risk of financial theft or credential compromise. The domain’s recent registration and clean reputation scores further suggest it is likely part of a targeted brand impersonation campaign aimed at cryptocurrency users. PhishDestroy recommends immediate blocking of okxwalletextension.com and verification of all cryptocurrency-related extensions through official channels. Users should cross-check URLs against PhishDestroy’s threat database and avoid downloading wallet extensions from unofficial sources. If exposure has occurred, disconnect affected wallets, revoke unauthorized permissions, and report the incident to OKX support. Monitoring for associated IP addresses (198.251.84.236) and domain variants is strongly advised to prevent broader exploitation. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OKX ## Domain Intelligence - Registered: 2026-03-26 03:26:42 - Registrar: Sav.com, LLC - IP: 198.251.84.236 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/e397027f-a35f-465b-958d-3b3d0e75d898 - PhishDestroy: https://phishdestroy.io/domain/okxwalletextension.com/ - LLM endpoint: https://phishdestroy.io/domain/okxwalletextension.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/okxwalletextension.com/ Last updated: 2026-03-29