How the scam operates.
この手口は、定評あるセルフカストディ型ウォレットサービスの視覚的デザインと機能的な用語体系を再現し、正規のイーサリアムウォレットインターフェースを装っています。ドメイン名 myetherwallet.cam は単純なトップレベルドメインの置換を悪用しており、本来想定される .com の接尾辞を .cam に置き換えています。この改変はごくわずかなものであり、安易な確認をすり抜けるのに十分です。とりわけ、検証済みのブックマークからではなく、検索結果、ソーシャルメディアのリンク、あるいはブラウザの自動補完を経由して到達するユーザーにおいて顕著です。
訪問者がサイトに到達すると、この手口は認証情報を窃取するインターフェースとして機能します。被害者は通常、ウォレット管理の各種手続きへと誘導されます。すなわち、既存ウォレットのインポート、アカウントへのアクセスの復元、あるいはハードウェアデバイスの接続といった、シードフレーズまたは秘密鍵の入力を要する手続きです。これらの認証情報は、正規のウォレット機能を実行するために使われることはありません。窃取されて運営者に送信され、当該認証情報に紐づくすべてのウォレットに対する無条件の支配権を与えてしまいます。
侵害の発覚は通常、事後にのみ起こります。被害者が、自らが承認していないアドレスへ資産が移動されていることに気づいた時点です。ブロックチェーンの取引は設計上、最終的なものであるため、紛争解決やチャージバックの仕組みは存在しません。運営者の目的は、認証情報が入力される単一のセッション内で完全に達成されます。被害者との継続的な関係は必要とされず、想定もされていません。
Red flags we documented.
- 01TLD substitution signals deliberate impersonation intentReplacing .com with .cam is a documented phishing technique that exploits the visual similarity between top-level domains. No organisation with a legitimate operational purpose would register a domain so precisely mirroring an established wallet service's primary address. The construction of the domain exists solely to misdirect.
- 02Confirmed listing on CryptoScamDB community blacklistThe domain appears in the CryptoScamDB blacklist, a collaboratively maintained registry of fraudulent cryptocurrency addresses. Inclusion reflects documented harm or substantiated community reporting, not algorithmic inference, and represents an independent, third-party classification of fraudulent intent.
- 03Seed-phrase capture carries irreversible consequencesWallet impersonation operations of this pattern harvest seed phrases or private keys under the guise of wallet management. A compromised seed phrase grants its holder unconditional, permanent control over all associated wallets. There is no recovery mechanism once funds are transferred on-chain.
- 04Single-session operation with no engagement modelUnlike investment fraud operations that cultivate victims over weeks, wallet impersonation platforms achieve their objective in one session, the moment credentials are entered. This absence of sustained engagement means victims have no prior warning signals through prolonged contact, making pre-loss detection particularly difficult.
- 05Domain structure indicates registration intent, not independent brandingThe name myetherwallet.cam cannot plausibly be attributed to coincidence. Reproducing the full name of a recognised wallet service with only a TLD modification leaves no credible interpretation other than deliberate misdirection. Legitimate platforms differentiate themselves; this domain is structured to avoid differentiation.
What you can do now.
Open a free 24-hour case assessment with CryptoLeek +
Tell us what happened. A senior analyst reads your file within 24 hours and replies with an honest yes/no/conditional on recovery. The assessment is free. If we cannot recover the funds we say so plainly, including which (free) regulator channel you should use instead. If we accept the case, we open a numbered case file and issue a written quote for a flat investigation retainer before any work begins, scoped to case complexity, the jurisdictions involved, and the on-chain trail.
Trace your funds on-chain with our analysts +
We trace stolen crypto across BTC, ETH, EVM L2s, Solana, Tron, and major stablecoins using the same toolchain as regulators and tier-1 exchange compliance teams. The output is a forensic report anchored to specific transaction hashes and block heights, the evidence that exchanges, payment processors, and counsel actually act on. Recovery starts here.
Recover with counsel where civil action makes sense +
Where the trace lands in a jurisdiction with cooperative banks and courts, we coordinate with bar-licensed counsel in our 40+ jurisdiction network for civil action and asset-freezing orders (Mareva-style). Counsel bill you directly; the CryptoLeek investigation retainer is independent of counsel fees. The outcome is funds released back to your nominated wallet or bank account.