Cómo opera la estafa.
La operación se presenta como una interfaz legítima de wallet de Ethereum, valiéndose de convenciones de nomenclatura estrechamente asociadas con proveedores consolidados del sector. Su dominio está construido para evocar una marca de confianza dentro del ecosistema de Ethereum, lo que la posiciona para captar tráfico de usuarios que llegan a través de motores de búsqueda, redirecciones en redes sociales o enlaces de phishing, en lugar de mediante la navegación directa y deliberada hacia un servicio verificado.
La mecánica operativa sigue un patrón típico de los sitios dedicados a la recolección de credenciales. A las víctimas se les presenta una interfaz de wallet convincente que solicita claves privadas, frases semilla o autorizaciones de tipo wallet-connect. Una vez proporcionada esa información, el operador obtiene acceso irrevocable a cualquier fondo asociado. Algunas variantes de este patrón ejecutan en segundo plano transacciones maliciosas de aprobación de tokens, transfiriendo activos sin que el usuario comprenda qué ha firmado.
El punto de falla es rápido e irreversible. Los activos se transfieren fuera de las wallets de las víctimas a los pocos minutos de enviar las credenciales o aprobar la transacción. El sitio no ofrece ningún canal de soporte, ningún mecanismo de disputa ni medio alguno de reclamación. La infraestructura de dominios de este tipo es deliberadamente desechable: una vez que la presencia en las listas negras alcanza un umbral que limita el tráfico entrante, el operador suele abandonar el dominio y reconstituirse en otro lugar bajo una nueva dirección.
Banderas rojas que documentamos.
- 01Brand impersonation in domain nameThe domain incorporates the name of a widely recognised Ethereum wallet service. This is not coincidental; it is a deliberate attempt to exploit user familiarity and intercept search-engine or autocomplete traffic intended for a legitimate provider.
- 02CryptoScamDB blacklist listingThe domain appears in CryptoScamDB's community-maintained blacklist, an independent, open-source registry of confirmed malicious crypto addresses and URLs. Inclusion indicates third-party corroboration beyond a single source.
- 03Unconventional domain structure signals disposable infrastructureThe use of a non-standard top-level domain is a recognised pattern among operators who intend to cycle through addresses quickly. Legitimate wallet services operate on stable, recognisable domains with verifiable ownership histories.
- 04Credential-soliciting interface patternAny wallet interface that requests a private key or seed phrase as part of normal operation is, by definition, not a legitimate wallet service. Established providers explicitly warn users never to enter these credentials on any website.
- 05No verifiable operator or regulatory footprintThere is no registered business entity, regulatory filing, named team, or auditable ownership associated with this operation. Absence of a verifiable identity is a baseline signal for operations designed to evade accountability.
Lo que puedes hacer ahora.
Open a free 24-hour case assessment with CryptoLeek +
Tell us what happened. A senior analyst reads your file within 24 hours and replies with an honest yes/no/conditional on recovery. The assessment is free. If we cannot recover the funds we say so plainly, including which (free) regulator channel you should use instead. If we accept the case, we open a numbered case file and issue a written quote for a flat investigation retainer before any work begins, scoped to case complexity, the jurisdictions involved, and the on-chain trail.
Trace your funds on-chain with our analysts +
We trace stolen crypto across BTC, ETH, EVM L2s, Solana, Tron, and major stablecoins using the same toolchain as regulators and tier-1 exchange compliance teams. The output is a forensic report anchored to specific transaction hashes and block heights, the evidence that exchanges, payment processors, and counsel actually act on. Recovery starts here.
Recover with counsel where civil action makes sense +
Where the trace lands in a jurisdiction with cooperative banks and courts, we coordinate with bar-licensed counsel in our 40+ jurisdiction network for civil action and asset-freezing orders (Mareva-style). Counsel bill you directly; the CryptoLeek investigation retainer is independent of counsel fees. The outcome is funds released back to your nominated wallet or bank account.