# www.backpackwallet.xyz — SUSPICIOUS

> The domain backpackwallet.xyz is a crypto drainer posing as a legit wallet, with 0/95 VirusTotal detections. Users should avoid this site entirely.

## Summary

PhishDestroy identifies backpackwallet.xyz as a live crypto drainer targeting cryptocurrency wallet users through social engineering tactics designed to trick victims into connecting their wallets and approving malicious transactions. This domain mimics legitimate wallet services, particularly those with names suggesting portability or convenience, to deceive users into entering seed phrases or approving transactions that drain funds to attacker-controlled addresses. Threat actors leverage domain similarity and urgency-based lures to maximize successful compromises before security vendors catch up.

This domain was flagged with a risk level marked as under_investigation and shows concerning technical indicators: VirusTotal currently shows 0 out of 95 security engines detecting it, indicating it has not yet been widely blacklisted despite active malicious activity. The domain was registered on April 11, 2026, through OwnRegistrar, Inc., resolves to IP address 64.29.17.1, and uses a Let's Encrypt SSL certificate, which is commonly abused in short-lived malicious campaigns due to its ease of issuance and low verification requirements. The lack of early detection suggests this threat is in an early operational phase and may rapidly expand in scope before security controls catch up.

Users who have visited backpackwallet.xyz should immediately disconnect their wallets, revoke any unintended transaction approvals, and transfer remaining assets to a clean wallet. Do not interact with this domain further and report the activity to your wallet provider and relevant threat intelligence platforms. Monitor wallet transaction histories and consider rotating seed phrases if credentials were exposed.

Users should also block the domain at the network level and update browser-based security filters to include backpackwallet.xyz and its associated IP address 64.29.17.1. Security teams are advised to ingest this domain into blocklists and monitor for related infrastructure using the unique seed identifier 0704df for tracking.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-04-11 17:38:00
- Registrar: OwnRegistrar, Inc.
- IP: 64.29.17.1

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/1017156e-05aa-479f-a89f-b16d2caed4ac
- PhishDestroy: https://phishdestroy.io/domain/www.backpackwallet.xyz/
- LLM endpoint: https://phishdestroy.io/domain/www.backpackwallet.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/www.backpackwallet.xyz/

Last updated: 2026-04-12