Search our database of flagged domains. Check if a website is a scam, phishing, or legitimate.
How This Attack Works
WalletConnect Abuse involves deceptive tactics to exploit users of cryptocurrency platforms. Understanding these steps can help in prevention.
STEP 1
Creation of Fake Domains
Attackers create fake domains that mimic legitimate cryptocurrency platforms to lure victims.
STEP 2
Deployment of Phishing Pages
Phishing pages are set up on these domains to capture user credentials and wallet information.
STEP 3
Execution of Malicious Code
JavaScript and other scripting languages are used to execute malicious code that intercepts user data.
STEP 4
Unauthorized Transactions
Stolen credentials are used to authorize transactions, draining victims’ wallets.
Technical Analysis
WalletConnect Abuse often involves the creation of phishing sites that mimic popular cryptocurrency service providers. Attackers use sophisticated scripts to manipulate the WalletConnect protocol, intercepting the authentication process. This includes the use of JavaScript to capture private keys and signatures when users attempt to connect their wallets. Infrastructure-wise, attackers frequently utilize content delivery networks like क्लाउडफ्लेयर to host phishing sites, taking advantage of high availability and speed. Additionally, smart contracts are sometimes manipulated to automatically approve transactions that transfer funds to the attacker’s address without the victim's explicit consent.
Real Cases
The Opensea Phishing Incident (2024)
$2 million stolen
A phishing campaign targeting Opensea users resulted in significant financial losses and credential theft.
Vercel App Scam (2023)
$1.5 million stolen
Attackers used fake Vercel app domains to trick users into revealing wallet information, leading to unauthorized access.
Marketplace-Art Fraud (2024)
$3 million stolen
Fraudulent marketplace-art domains were used to deceive users into connecting their wallets, resulting in asset theft.
How to Detect
Unfamiliar domain names mimicking legitimate services
Requests for private keys or seed phrases
Unexpected transaction requests
Poor website design or misspellings
Limited or no HTTPS security
How to Protect Yourself
1
Always verify domain authenticity
2
Enable two-factor authentication
3
Use hardware wallets for transactions
4
Regularly update security software
5
Educate yourself on common phishing tactics
Frequently Asked Questions
Data sourced from फिश नष्ट करो threat intelligence database — 1,655 domains tracked for this threat type
WalletConnect Abuse 1,655 domains


opensea-dez.pages.dev


opensea-login.netlify.app


origin-trails.app


pancake-bridge.pages.dev


pancakeswap.vip


pass-ligther.xyz


pepeunchained-dashboards.pages.dev


pepusunchained.votings.workers.dev


plasmaxplclaimer.xyz


protocol-yieldusd.net


safeearn.app


shshshsh.after-drainer.sbs


sol-flairy.vercel.app


solana-incinerator.pro


solcard-cc.netlify.app


solget.fun


soniclabs.vote


tesnetmonad.xyz


ttzqiv.top


uai.wasegem.com


uk099.vip


uni.v4dexapps.top


usdt-verif.net


vooi-app.org


vote-hyprstr.votings.workers.dev


voting-punksauction.com


wasegem.com


web.bp-nxbd.com


wlfimemecoin.com


www.bituniswap.com


www.blockchaincheck.us


www.lawsgrouponline.com


zcoinlab.com


activate.pcrairdrop.com


airdrop-plasma.top


airdrops-soniclabs.org


amlchebot.app


amlforte.pro


app-pudgypenguins.xyz


app.wasegem.com


appondo.xyz


asterdexlive.xyz


bcsolver-77n10wf9kk.edgeone.dev


bimodal-oxeliteoriginator.web.app


bnb.connectweb3c.io


bob-mainnet-37o0si2us-distributed-crafts.vercel.app


bob-sepolia-5r3ytp9gg-distributed-crafts.vercel.app


bob-sepolia-gbxuamav0-distributed-crafts.vercel.app


borroefinance-ai.web.app


bridge.usduc.io


campaundfenence.org


cdn.giveaway-pepe.net


checker-eul.xyz


claim-humidifi.org


claim-mon.app


claim.monrad.xyz


claimairdropfree.biz


claims-irys.org


cryptoriskscanner.com


dasdas.elysium-drainer.world


defire-solutions.pages.dev


dex-eth.xyz


dex-support-desk.netlify.app


eligibility-grass.org


espresso-portal.app


eth-burner.xyz


eth-mining-global.top


fcboft.cc


fiwnfa.cc


get-moonday.org


hiouyuiyhfguyih.com


hoimesai.xyz


j-dex-v1.app


ktaliveclaim.xyz


lab-airdrop.xyz


lido-drop.web.app


lighter-airdrops.xyz


lightxrs.com


linenetworkclaim.xyz


live-hyperxliquid.xyz


login-ai-deus.pages.dev


mining1104.94bm.com


miranetwork-live.xyz


mlv.retaileth.com


neuuihahhashkey.top


opensea-eo4.pages.dev


opensea-n7n.pages.dev


pan-wallet-v3.app


pancakeswapairdrop.com


peth.top


register-espresso.app


retikclaim.web.app


reward-snortertoken.com


rewards-lighter.xyz


serve.giveaway-pepe.net


smartprotocolfix.web.app


sol-gets.xyz


the-warplets.live