# phantomstake.co.kr — MALICIOUS — Crypto Drainer (Solana Drainer)

> phantomstake.co.kr is a crypto drainer targeting Solana wallets. VirusTotal shows 0/95 detections despite active campaigns. Check the full report.

## Summary
PhishDestroy identifies phantomstake.co.kr as a high-risk crypto drainer domain actively targeting Solana wallet users through deceptive tactics. This domain employs a Solana Drainer kit to siphon cryptocurrency assets from unsuspecting victims, posing an immediate financial threat to users engaging with crypto-related services. The infrastructure behind this operation is deliberately designed to evade detection, making it particularly dangerous in the current threat landscape.  This domain was flagged by Google Safe Browsing for social engineering activities and remains undetected by 95 VirusTotal scanning engines, indicating it has not yet been widely recognized as malicious. Registrant details point to Whois Corp. through whois.co.kr, with the domain resolving to IP address 34.111.179.208. The domain itself was created on March 23, 2026, and secured with a Let's Encrypt SSL certificate to appear legitimate. These factors collectively suggest this is a recently deployed operation with minimal tracking in security databases, increasing the likelihood of successful compromises.  To mitigate risks associated with phantomstake.co.kr, users should avoid interacting with this domain entirely, especially any prompts to connect cryptocurrency wallets. Organizations should consider blocking the domain at the network perimeter and monitoring for connections to 34.111.179.208. Additionally, users should verify website authenticity through official channels before entering sensitive information. Implementing wallet filters to prevent unauthorized transaction approvals can further reduce exposure to drainer scripts.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: unknown (HTTP ?)
- Drainer type: Solana Drainer

## Domain Intelligence
- Registered: 2026-03-23 00:00:00
- Registrar: Whois Corp.(http://whois.co.kr)
- IP: 34.111.179.208

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/50dc6653-1f23-4457-bc53-fb9a501fc1e8
- PhishDestroy: https://phishdestroy.io/domain/phantomstake.co.kr/
- LLM endpoint: https://phishdestroy.io/domain/phantomstake.co.kr/llm.txt

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/phantomstake.co.kr/
Last updated: 2026-03-23