How the scam operates.
etherwallet.co.za menampilkan dirinya sebagai antarmuka dompet Ethereum swalayan. Nama domainnya disusun agar sangat menyerupai merek layanan dompet Ethereum yang dikenal luas, dengan mengandalkan kemiripan visual dan fonetik untuk menjaring pengguna yang sedang mencari atau mengetikkan alamat sah secara terburu-buru. Situs ini diarahkan kepada pengguna yang memiliki atau berniat memiliki Ethereum dan membutuhkan antarmuka dompet yang dapat diakses melalui peramban untuk mengelola aset mereka.
Operasi semacam ini umumnya mereplikasi tata letak visual platform dompet asli dengan tingkat ketelitian yang cukup untuk lolos dari pemeriksaan sekilas. Pengunjung diminta melakukan autentikasi dengan mengirimkan seed phrase, kunci privat, atau berkas keystore, dengan dalih bahwa hal itu merupakan mekanisme masuk yang lazim. Pada kenyataannya, setiap kredensial yang dimasukkan diteruskan langsung kepada operator, bukan digunakan untuk membuka sesi dompet lokal. Korban tidak mengalami kesalahan secara langsung; antarmukanya bahkan dapat menampilkan saldo dompet yang tampak masuk akal untuk memperpanjang jeda sebelum kecurigaan timbul.
Kerusakan baru terlihat ketika pengguna mencoba melakukan penarikan atau transfer, lalu transaksi tersebut gagal tanpa pemberitahuan atau dana dipindahkan ke alamat yang tidak dikuasai pengguna. Pada titik itu, situs dapat menjadi tidak responsif, mengalihkan ke halaman kesalahan, atau lenyap begitu saja. Karena pengambilan kredensial telah terjadi pada saat masuk, operator tetap memiliki kemampuan untuk menguras dompet terkait kapan pun mereka kehendaki, terlepas dari apakah korban kembali mengunjungi situs tersebut.
Red flags we documented.
- 01Name-mimicry targeting a recognised wallet brandThe domain is constructed to closely echo the name of a widely used Ethereum wallet platform. This is a deliberate typographical or phonetic proximity play designed to intercept users who intend to reach a legitimate service. No affiliation with any established wallet provider exists.
- 02Private-key submission as the authentication modelLegitimate non-custodial wallet interfaces derive session access from locally held keys and do not transmit seed phrases or private keys to a remote server. Any platform that requests these credentials via a web form is, by design, capturing them for the operator rather than authenticating the user.
- 03Country-code domain misaligned with claimed global serviceThe .co.za top-level domain is the South African country-code registry. Genuine global Ethereum wallet interfaces do not typically operate primary user-facing services under a single national country-code domain. The registration choice may reflect an attempt to exploit local trust signals or to complicate jurisdictional tracing.
- 04Independent blacklist listing with no rebuttal on recordThe domain appears on the CryptoScamDB community blacklist, an independent registry that aggregates verified fraudulent crypto addresses and domains. Inclusion indicates the domain has been flagged and reviewed by the contributor community. No counter-evidence or delisting request is documented in the public record.
- 05Absence of verifiable operator identity or regulatory registrationPlatforms handling cryptocurrency on behalf of users in most jurisdictions are required to register with a financial regulator or at minimum disclose an operating entity. Sites built for credential harvesting characteristically omit these disclosures because a traceable legal identity would undermine the operation.
What you can do now.
Open a free 24-hour case assessment with CryptoLeek +
Tell us what happened. A senior analyst reads your file within 24 hours and replies with an honest yes/no/conditional on recovery. The assessment is free. If we cannot recover the funds we say so plainly, including which (free) regulator channel you should use instead. If we accept the case, we open a numbered case file and issue a written quote for a flat investigation retainer before any work begins, scoped to case complexity, the jurisdictions involved, and the on-chain trail.
Trace your funds on-chain with our analysts +
We trace stolen crypto across BTC, ETH, EVM L2s, Solana, Tron, and major stablecoins using the same toolchain as regulators and tier-1 exchange compliance teams. The output is a forensic report anchored to specific transaction hashes and block heights, the evidence that exchanges, payment processors, and counsel actually act on. Recovery starts here.
Recover with counsel where civil action makes sense +
Where the trace lands in a jurisdiction with cooperative banks and courts, we coordinate with bar-licensed counsel in our 40+ jurisdiction network for civil action and asset-freezing orders (Mareva-style). Counsel bill you directly; the CryptoLeek investigation retainer is independent of counsel fees. The outcome is funds released back to your nominated wallet or bank account.