How the scam operates.
Operasi ini menampilkan dirinya sebagai antarmuka wallet Ethereum yang sah, dengan memanfaatkan keganjilan dalam perenderan peramban yang dikenal sebagai serangan homograf punycode. Domain tersebut mengodekan karakter Unicode yang secara visual tampak tidak dapat dibedakan dari penyedia wallet Ethereum yang sudah mapan. Sasaran operasi ini adalah siapa pun yang mencari penyedia tersebut atau yang mengikuti tautan phishing. Tampilan permukaan, tata letak, pencitraan merek, serta skema warna, umumnya digandakan dari layanan yang sah untuk memperkuat ilusi keaslian.
Mekanisme operasionalnya adalah pemanenan kredensial, bukan penipuan investasi. Pengunjung yang meyakini bahwa mereka sedang mengakses wallet asli diminta untuk memasukkan private key, frasa benih mnemonik (seed phrase), atau berkas keystore mereka untuk 'membuka' wallet tersebut. Operator menangkap kredensial ini di sisi server pada saat data dikirimkan. Karena private key Ethereum memberikan akses tanpa syarat dan tidak dapat dibatalkan terhadap dana di rantai (on-chain), operator dapat menguras wallet terkait dengan segera atau secara bertahap. Tidak ada keterlibatan yang berkepanjangan, penipuan ini tuntas dalam satu interaksi tunggal.
Titik kegagalan baru menjadi nyata setelah korban mendapati dananya hilang atau menyadari, melalui peringatan peramban atau notifikasi daftar hitam, bahwa domain yang dikunjungi berbeda dari yang dituju. Pada saat itu, aset biasanya telah disapu ke alamat-alamat perantara dan disebarkan melalui mixer atau lompatan antar-rantai (chain-hopping). Operator tidak meninggalkan saluran layanan pelanggan, tidak ada identitas korporat, dan tidak ada keberadaan yang dapat dilacak untuk pemulihan. Korban hanya memiliki catatan blockchain yang bersifat publik, tetapi tanpa pihak lawan yang dapat ditindaklanjuti.
Red flags we documented.
- 01Punycode homograph impersonation patternThe domain is registered in punycode (xn-- prefix) to encode Unicode characters that render as visually similar Latin glyphs in browser address bars. This technique exists solely to deceive, no legitimate wallet provider operates through a homograph of its own brand.
- 02Private-key entry on a third-party domainAny interface that solicits a raw private key, seed phrase, or keystore file outside locally installed software is operating outside all accepted security norms. Legitimate non-custodial wallet services never require server-side submission of these credentials.
- 03CryptoScamDB blacklist confirmationThe domain appears in the CryptoScamDB community blacklist, a maintained registry of cryptoasset phishing and fraud infrastructure. Blacklist inclusion reflects community-verified evidence of malicious intent, not merely suspicion.
- 04No verifiable organisational identityThe operation presents no auditable corporate registration, no named operators, and no regulatory standing in any jurisdiction. Absence of any accountable legal entity is a consistent feature of short-lived credential-harvesting infrastructure.
- 05Single-interaction, irreversible loss patternUnlike investment fraud, which sustains a relationship to extract further deposits, this pattern resolves in one session. Once a private key or seed phrase is submitted, all associated funds become accessible to the operator with no further victim action required.
What you can do now.
Open a free 24-hour case assessment with CryptoLeek +
Tell us what happened. A senior analyst reads your file within 24 hours and replies with an honest yes/no/conditional on recovery. The assessment is free. If we cannot recover the funds we say so plainly, including which (free) regulator channel you should use instead. If we accept the case, we open a numbered case file and issue a written quote for a flat investigation retainer before any work begins, scoped to case complexity, the jurisdictions involved, and the on-chain trail.
Trace your funds on-chain with our analysts +
We trace stolen crypto across BTC, ETH, EVM L2s, Solana, Tron, and major stablecoins using the same toolchain as regulators and tier-1 exchange compliance teams. The output is a forensic report anchored to specific transaction hashes and block heights, the evidence that exchanges, payment processors, and counsel actually act on. Recovery starts here.
Recover with counsel where civil action makes sense +
Where the trace lands in a jurisdiction with cooperative banks and courts, we coordinate with bar-licensed counsel in our 40+ jurisdiction network for civil action and asset-freezing orders (Mareva-style). Counsel bill you directly; the CryptoLeek investigation retainer is independent of counsel fees. The outcome is funds released back to your nominated wallet or bank account.