Domain Security Reports

Search our database of flagged domains. Check if a website is a scam, phishing, or legitimate.

0
Total Tracked
0
Detected
0
Content Alive
0
Content Dead
0
VT Pending
WalletConnect Abuse
HIGH THREAT

Understanding and Combating WalletConnect Abuse

WalletConnect Abuse represents a significant threat, with 1,667 domains detected and 555 currently active. PhishDestroy has identified top TLDs including .com, .app, and .xyz, and leading registrars such as NICENIC INTERNATIONAL GROUP CO., LIMITED.

1,670
Domains Detected
HIGH
Threat Level

How This Attack Works

WalletConnect Abuse involves deceptive tactics to exploit users of cryptocurrency platforms. Understanding these steps can help in prevention.

STEP 1
Creation of Fake Domains
Attackers create fake domains that mimic legitimate cryptocurrency platforms to lure victims.
STEP 2
Deployment of Phishing Pages
Phishing pages are set up on these domains to capture user credentials and wallet information.
STEP 3
Execution of Malicious Code
JavaScript and other scripting languages are used to execute malicious code that intercepts user data.
STEP 4
Unauthorized Transactions
Stolen credentials are used to authorize transactions, draining victims’ wallets.

Technical Analysis

WalletConnect Abuse often involves the creation of phishing sites that mimic popular cryptocurrency service providers. Attackers use sophisticated scripts to manipulate the WalletConnect protocol, intercepting the authentication process. This includes the use of JavaScript to capture private keys and signatures when users attempt to connect their wallets. Infrastructure-wise, attackers frequently utilize content delivery networks like Cloudflare to host phishing sites, taking advantage of high availability and speed. Additionally, smart contracts are sometimes manipulated to automatically approve transactions that transfer funds to the attacker’s address without the victim's explicit consent.

Real Cases

The Opensea Phishing Incident (2024)
$2 million stolen
A phishing campaign targeting Opensea users resulted in significant financial losses and credential theft.
Vercel App Scam (2023)
$1.5 million stolen
Attackers used fake Vercel app domains to trick users into revealing wallet information, leading to unauthorized access.
Marketplace-Art Fraud (2024)
$3 million stolen
Fraudulent marketplace-art domains were used to deceive users into connecting their wallets, resulting in asset theft.

How to Detect

Unfamiliar domain names mimicking legitimate services
Requests for private keys or seed phrases
Unexpected transaction requests
Poor website design or misspellings
Limited or no HTTPS security

How to Protect Yourself

1 Always verify domain authenticity
2 Enable two-factor authentication
3 Use hardware wallets for transactions
4 Regularly update security software
5 Educate yourself on common phishing tactics

Frequently Asked Questions

What is WalletConnect Abuse?
WalletConnect Abuse involves exploiting the WalletConnect protocol to trick users into revealing their cryptocurrency wallet credentials through phishing tactics.
How much money has been stolen through WalletConnect Abuse?
To date, WalletConnect Abuse has resulted in millions of dollars in losses, with specific incidents causing damages ranging from $1.5 million to $3 million.
How do I protect myself from WalletConnect Abuse?
Verify domain authenticity, use two-factor authentication, and employ hardware wallets for added security against phishing attacks.
What should I do if I'm a victim of WalletConnect Abuse?
Report the incident to your wallet provider, change passwords immediately, and contact local authorities or a cybersecurity expert for assistance.
Data sourced from PhishDestroy threat intelligence database — 1,670 domains tracked for this threat type
Wallet Connect Abuse — Threat Intelligence Protocol Abuse High Threat
1,670
Domains
784
Alive
826
Taken Down
6.9
Avg VT
46.9%
Alive Rate
92.9%
Detected
Since Mar 2024 878 domains with VT ≥ 5
WalletConnect Abuse 1,670 domains
xp-stether.com
16 VTUnknown1inch
yieldusd.org
16 VTLiveaave
aavdefi.top
15 VTCF BannedAave
airdrop-walletconnect.pages.dev
15 VTLiveWalletConnect
airdrop-wlfi.org
15 VTUnknownbinance
allocations-yieldbasis.xyz
15 VTLive
aml.riskcheck.info
15 VTUnknownAML Scam
app-renzoprotocol.network
15 VTLivediscord
aureumcapitall.com
15 VTLivediscord
authereumportal.com
15 VTLive
avax-airdrop.click
15 VTLiveAvalanche
award-yieldusd.net
15 VTLiveaave
berlinsystem.cfd
15 VTLiveWalletConnect
chalngpt-pad.net
15 VTLiveacross
claim-camphaven.org
15 VTUnknowndiscord
claim-tectum.org
15 VTUnknowndiscord
claim-walrus.app
15 VTUnknown
claims-snortertoken.com
15 VTUnknowndextools
debridge-foundation.app
15 VTUnknowndebridge
dextool.netlify.app
15 VTUnknownWalletConnect
ebemevm.live
15 VTUnknown
eth-trust.org
15 VTUnknownWalletConnect
everythinghere.co.za
15 VTUnknown
flyingtulip.finance
15 VTUnknown
folksdrop.xyz
15 VTLive
gain-nanoeth.com
15 VTUnknownacross
hydr.live
15 VTLiveacross
ink-wrapped.com
15 VTUnknowndiscord
lineabuildscheck.com
15 VTUnknownLinea
lineachecklive.xyz
15 VTUnknownLinea
mask-reward.app
15 VTUnknownacross
monadxdevelop.xyz
15 VTLivediscord
noox.fi
15 VTUnknownWalletConnect
nooxdao.top
15 VTUnknownWalletConnect
nooxnft.app
15 VTUnknownWalletConnect
ozak.claims
15 VTUnknownacross
plasmagetclaim.xyz
15 VTLiveethereum
register-dein.com
15 VTUnknown
reward-pcpe.com
15 VTLivecoingecko
rpc2-uni.com
15 VTUnknownaave
solanaincinerator.pro
15 VTUnknownSolana
stlink.world
15 VTUnknownchainlink
swapbytes.net
15 VTUnknownWalletConnect
undefichain.com
15 VTUnknownaave
update-lido.net
15 VTLiveLido
web3.pancake.run
15 VTUnknownPancakeSwap
wlfllibertyfinancial.com
15 VTLiveWorld Liberty Financial
www.asterdex-testnet.com
15 VTUnknowndiscord
www.nexus-dex.web.id
15 VTLive
yieldusd-app.com
15 VTLiveaave
zorabridge.app
15 VTUnknownZora
0rigiindefi.world
14 VTLive
amlcheck.in
14 VTLivetrustwallet
app-bittensor.com
14 VTLiveTensor
asterdex.com-stake.id
14 VTUnknownbase
asterdexallocation.com
14 VTUnknowndiscord
bafybeibtcfgrhknlfhnz2c5cddfnsoje4dumrc3wsyoikx2pwuf6fbcsr4.ipfs.dweb.link
14 VTUnknownMetaMask
bituniswap.com
14 VTUnknownUniswap
bnb-38.cc
14 VTUnknownWalletConnect
bridge.pulsechlan.com
14 VTUnknownPulsechain
checker-youmio.org
14 VTUnknownWalletConnect
claim.monadairdop.xyz
14 VTUnknownmonad
dappslink.com
14 VTUnknown
dogsairdrop.live
14 VTUnknowncoinbase
drop-brevis.network
14 VTUnknownAirdrop Scam
eligibility-xpl.xyz
14 VTLiveethereum
i1nch-com.pages.dev
14 VTLive1inch
ifumbled.xyz
14 VTLivebnb chain
lasttest.elysium-drainer.world
14 VTLiveAML Scam
layer3-chain.xyz
14 VTLiveethereum
lhyperfndl.com
14 VTUnknownHyperliquid
lineabuildcheck.com
14 VTUnknownLinea
lineagetclaim.xyz
14 VTUnknownLinea
logixa.ae
14 VTUnknown
mantra-dex.org
14 VTLiveWalletConnect
megaeth-refund.xyz
14 VTUnknownWalletConnect
monadmm.xyz
14 VTUnknownMonad
motdrop.xyz
14 VTUnknownacross
nft-luckybox-05.vercel.app
14 VTUnknownOpenSea
nmwvd.cc
14 VTUnknownWalletConnect
nooxdao.fun
14 VTLiveethereum
nooxdao.net
14 VTUnknown
nooxhub.pro
14 VTUnknownWalletConnect
obtain-blaze.net
14 VTUnknownacross
opensea-foundatlon.xyz
14 VTUnknownOpenSea
oxproeliptic-server.firebaseapp.com
14 VTLiveacross
paxosgift.com
14 VTUnknownacross
peth.live
14 VTUnknownEthereum
plasmachecks.xyz
14 VTLivebitfinex
plasmareward.com
14 VTLivebitfinex
refund-kiln.com
14 VTLiveacross
reward-etc.org
14 VTLiveaave
sdhweyhashkey.top
14 VTLive
swapx-fi.app
14 VTLiveethereum
techlayer3.com
14 VTCF Bannedethereum
unisockshub.com
14 VTUnknownWalletConnect
uniwerap.com
14 VTLive1inch
wallet-keyless-bybit.com
14 VTUnknownBybit
wallet-pay.cc
14 VTLivetrust wallet
wlficlaim.com
14 VTLivebinance
« Prev 1 2 3 4 5 Next » Page 2 of 17