# yoroiwallet.live — SUSPICIOUS

> yoroiwallet.live impersonates the legitimate Yoroi wallet app to deploy a crypto drainer kit. Verify the real site via PhishDestroy.

## Summary
PhishDestroy identifies yoroiwallet.live as an active crypto-drainer domain that masquerades as the legitimate Yoroi Cardano wallet. The site uses a near-identical UI and prompts visitors to connect a wallet so a malicious drainer script can silently siphon tokens and NFTs. Domain registrants chose a look-alike spelling of the official yoroiwallet.io to exploit users searching for the real wallet.

Technical indicators confirm this domain is hostile: VirusTotal shows 0/95 detections at time of analysis, the SSL certificate is issued by Google Trust Services, the domain resolves to 172.67.151.212, it was registered on 21 September 2025 through WebNic.cc (Web Commerce Communications Limited), and the creation date is fresh—only days old at assessment. No current blocklist entries were found, placing this threat in an early, high-risk window before widespread takedown.

The domain is currently active and serving the drainer payload. PhishDestroy has flagged the unique seed bacd2c and added the site to its real-time blocklist; however, risk remains elevated due to the short domain age and absence of detections on most AV engines. Users are strongly advised to avoid clicking any links to yoroiwallet.live, verify the legitimate site via PhishDestroy before connecting wallets, and never enter seed phrases or private keys on unfamiliar pages.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-09-21 16:26:15
- Registrar: Web Commerce Communications Limited dba WebNic.cc
- IP: 172.67.151.212

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8a7358b0-afd4-4ea0-805c-2becfaf1b62e
- PhishDestroy: https://phishdestroy.io/domain/yoroiwallet.live/
- LLM endpoint: https://phishdestroy.io/domain/yoroiwallet.live/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/yoroiwallet.live/
Last updated: 2026-03-22