Cómo opera la estafa.
etherwallet.co.za se presenta como una interfaz de wallet de Ethereum de autoservicio. El nombre de dominio está construido para parecerse estrechamente a la marca de un servicio de wallet de Ethereum ampliamente reconocido, valiéndose de la similitud visual y fonética para captar a usuarios que buscan o escriben una dirección legítima con prisa. El sitio se dirige a usuarios que poseen o pretenden poseer Ethereum y necesitan una interfaz de wallet accesible desde el navegador para gestionar sus activos.
Las operaciones de este tipo suelen replicar la disposición visual de una plataforma de wallet genuina con suficiente fidelidad como para superar una inspección superficial. Se solicita a los visitantes que se autentiquen enviando una frase semilla, una clave privada o un archivo keystore, bajo la premisa de que se trata de un mecanismo de inicio de sesión estándar. En la práctica, cualquier credencial introducida se transmite directamente al operador en lugar de utilizarse para desbloquear una sesión de wallet local. La víctima no experimenta ningún error inmediato; la interfaz incluso puede mostrar un saldo de wallet de aspecto plausible para ampliar el margen de tiempo antes de que surjan las sospechas.
El fallo se hace evidente cuando un usuario intenta un retiro o una transferencia y la transacción o bien falla de forma silenciosa o bien los fondos se mueven a una dirección que el usuario no controla. En ese momento, el sitio puede dejar de responder, redirigir a una página de error o sencillamente desaparecer. Dado que la captura de credenciales ocurrió en el punto de acceso, el operador conserva la capacidad de vaciar cualquier wallet asociada en el momento que elija, con independencia de si la víctima regresa al sitio.
Banderas rojas que documentamos.
- 01Name-mimicry targeting a recognised wallet brandThe domain is constructed to closely echo the name of a widely used Ethereum wallet platform. This is a deliberate typographical or phonetic proximity play designed to intercept users who intend to reach a legitimate service. No affiliation with any established wallet provider exists.
- 02Private-key submission as the authentication modelLegitimate non-custodial wallet interfaces derive session access from locally held keys and do not transmit seed phrases or private keys to a remote server. Any platform that requests these credentials via a web form is, by design, capturing them for the operator rather than authenticating the user.
- 03Country-code domain misaligned with claimed global serviceThe .co.za top-level domain is the South African country-code registry. Genuine global Ethereum wallet interfaces do not typically operate primary user-facing services under a single national country-code domain. The registration choice may reflect an attempt to exploit local trust signals or to complicate jurisdictional tracing.
- 04Independent blacklist listing with no rebuttal on recordThe domain appears on the CryptoScamDB community blacklist, an independent registry that aggregates verified fraudulent crypto addresses and domains. Inclusion indicates the domain has been flagged and reviewed by the contributor community. No counter-evidence or delisting request is documented in the public record.
- 05Absence of verifiable operator identity or regulatory registrationPlatforms handling cryptocurrency on behalf of users in most jurisdictions are required to register with a financial regulator or at minimum disclose an operating entity. Sites built for credential harvesting characteristically omit these disclosures because a traceable legal identity would undermine the operation.
Lo que puedes hacer ahora.
Open a free 24-hour case assessment with CryptoLeek +
Tell us what happened. A senior analyst reads your file within 24 hours and replies with an honest yes/no/conditional on recovery. The assessment is free. If we cannot recover the funds we say so plainly, including which (free) regulator channel you should use instead. If we accept the case, we open a numbered case file and issue a written quote for a flat investigation retainer before any work begins, scoped to case complexity, the jurisdictions involved, and the on-chain trail.
Trace your funds on-chain with our analysts +
We trace stolen crypto across BTC, ETH, EVM L2s, Solana, Tron, and major stablecoins using the same toolchain as regulators and tier-1 exchange compliance teams. The output is a forensic report anchored to specific transaction hashes and block heights, the evidence that exchanges, payment processors, and counsel actually act on. Recovery starts here.
Recover with counsel where civil action makes sense +
Where the trace lands in a jurisdiction with cooperative banks and courts, we coordinate with bar-licensed counsel in our 40+ jurisdiction network for civil action and asset-freezing orders (Mareva-style). Counsel bill you directly; the CryptoLeek investigation retainer is independent of counsel fees. The outcome is funds released back to your nominated wallet or bank account.