Search our database of flagged domains. Check if a website is a scam, phishing, or legitimate.

0
Всего отслеженных
0
Detected
0
«Content Alive»
0
Содержимое не работает
0
VT — в процессе рассмотрения
Fake AML Check Scam
CRITICAL THREAT

Fake AML Мошенничество с подтверждением: How Scammers Impersonate Compliance Инструменты

Fake AML verification scams are a rapidly growing crypto threat where attackers create fraudulent websites impersonating legitimate Anti-Money Laundering compliance tools — most prominently AMLBot.com. These sites trick users into connecting their Web3 wallets for a fake "compliance check," which triggers a malicious smart contract that drains all assets. PhishDestroy tracks over 1,054 AML scam domains, with the official AMLBot warning that fake platforms are surging.

1
Домены Detected
CRITICAL
Threat Level

How This Attack Works

The scam exploits growing awareness of AML/KYC compliance requirements in crypto. Users who want to verify their funds are "clean" land on a convincing clone and unknowingly authorize a wallet drainer.

STEP 1
Lure via Search & Social
Victims encounter fake AML check sites through Google Ads, Telegram DMs, social media posts, or SEO-poisoned search results for queries like "check wallet AML" or "is my crypto clean."
STEP 2
Clone Legitimate UI
The site closely mimics the official AMLBot.com design, branding, and interface. Some clones replicate staff profiles and create fake Telegram accounts impersonating AMLBot team members.
STEP 3
Request Wallet Connection
Unlike the real AMLBot (which only needs a wallet address as text input), the fake site asks users to "connect wallet" via MetaMask or WalletConnect to "generate an AML report."
STEP 4
Drain Assets via Smart Contract
The wallet connection triggers a malicious smart contract (setApprovalForAll or token approval) that scans all tokens/NFTs, prioritizes highest-value assets, and drains everything to attacker-controlled wallets. Transactions are irreversible.

Technical Analysis

The AML scam ecosystem uses sophisticated infrastructure. Домены typically use .com, .org, .app TLDs registered through privacy-friendly registrars (NICENIC, WEBCC account for 163+ domains). Many use Cloudflare CDN for legitimacy.

The drainer mechanism is identical to other wallet-connect phishing: upon connection, the site calls setApprovalForAll() or increaseAllowance() on the victim's token contracts. The drainer scans all assets, estimates value, and prioritizes extraction of highest-value tokens first.

According to AMLBot's 2025 Crypto Crime Отчет, 65% of crypto incidents are driven by social engineering rather than technical exploits, with phishing ranking as the #2 attack type (18% of all incidents).

Key technical indicators: domains containing 'aml', 'amlbot', 'aml-check', 'aml-verify' in the URL; wallet connection prompts (the real AMLBot never requires this); recently registered domains; missing or fake SSL certificates.

Real Cases

AMLBot Clone Wave (2024-2026) (2024-2026)
1,350+ fake domains stolen
AMLBot officially warned about an alarming rise in scammers impersonating AMLBot on various platforms, including fake Telegram bots and clone websites.
amlcheckwallet.cc Drainer (2024)
Wallet drainer active stolen
Registered via Dynadot Inc, resolved to Cloudflare IP 104.21.25.10. Served a fake "AML wallet check" interface with wallet-connect drainer. PhishDestroy report.
PCRisk AML Warning (Jan 2026) (January 2026)
12+ documented domains stolen
PCRisk documented a new wave of fake AMLBot sites including amlbotchecks.com, aml-safety.app, amlrobotsaveru.com, amlpremium.top. FTC reports over 46,000 people lost $1 billion to crypto scams since 2021. PCRisk report.
amlbotchecking.com Campaign (2024)
Multiple victims stolen
Typosquat of AMLBot serving crypto drainer via fake compliance check UI. Documented by Malware Guide and PCRisk.

How to Detect

Site asks to "connect wallet" — the real AMLBot only needs a wallet ADDRESS as text input, never a wallet connection
Домен contains "aml" variations: amlbot, aml-check, aml-verify, amlcrypto (verify against official amlbot.com)
Recently registered domain (check WHOIS — legitimate AML services have years of history)
Срочно messaging: "Your wallet may be flagged" or "Check compliance before funds are frozen"
Promoted via Telegram DMs, Google Ads, or unsolicited emails instead of organic search

How to Protect Yourself

1 Bookmark the official AMLBot at amlbot.com — never click links from ads, DMs, or emails
2 Remember: legitimate AML tools only need a wallet address (text), never a wallet connection or private keys
3 Check any AML domain on PhishDestroy before interacting with it
4 Use a separate "burner" wallet with minimal funds when testing any new DeFi/Web3 service
5 If you connected your wallet to a suspicious site: immediately transfer remaining funds to a NEW wallet and revoke approvals at revoke.cash

Frequently Asked Questions

What is a Fake AML Check Scam?
It's a phishing attack where fake websites impersonate legitimate AML compliance tools like AMLBot.com. They trick users into connecting their crypto wallets for a fake "compliance check," which actually triggers a smart contract that drains all assets. The real AMLBot only needs a wallet address typed as text — it never asks for wallet connections.
How many fake AML domains has PhishDestroy detected?
PhishDestroy currently tracks over 1,054 domains related to AML scams, including typosquats of AMLBot, generic fake AML checkers, and sites using "aml-verify" or "aml-check" in their names. The number grows daily as scammers register new domains.
How do I check if an AML site is legitimate?
The only official AMLBot website is amlbot.com. Any other domain claiming to be AMLBot is a scam. You can verify any domain at PhishDestroy.io. Red flags: wallet connection requests, recently registered domain, promotion via Telegram DMs or ads.
What should I do if I connected my wallet to a fake AML site?
Act immediately: 1) Transfer ALL remaining funds to a brand new wallet, 2) Отменить разрешения на использование токенов using revoke.cash, 3) Отчет to authorities (FTC, ФБР IC3), 4) Document everything (transaction hashes, screenshots, URLs). Never pay anyone claiming they can "recover" your funds.
Data sourced from PhishDestroy threat intelligence database — 1 domains tracked for this threat type
Fake AML Check Scam 1 domains
Снимок экрана of riskcheck.info
riskcheck.info
18 VTВ прямом эфиреAMLBot
Снимок экрана of riskcheck.info
riskcheck.info

Other Scam Types

Мошенничество, связанное с борьбой с отмыванием денег 1,936 Кража семенной фразы 18 Мошенничество с аирдропами 8,047 Инвестиционное мошенничество 266