How the scam operates.
O site se apresenta como uma interface de wallet Ethereum de autocustódia, a categoria de ferramenta que permite aos usuários gerar, importar e interagir com endereços Ethereum diretamente no navegador. Os operadores dessas plataformas de imitação normalmente replicam o design visual e a linguagem de serviços de wallet consolidados para transmitir legitimidade, mirando usuários que digitam um URL incorretamente ou chegam por meio de anúncios em mecanismos de busca e links de phishing.
O mecanismo operacional é a captura de credenciais. Quando um visitante tenta importar ou acessar uma wallet existente, normalmente ao inserir uma chave privada, um arquivo keystore ou uma seed phrase mnemônica, esses dados são transmitidos silenciosamente para uma infraestrutura controlada pelo operador, em vez de serem processados localmente. O usuário não vê nada de incomum no momento da inserção; a interface pode até exibir saldos da wallet extraídos da blockchain pública para manter a ilusão de um serviço em funcionamento.
O ponto de falha chega quando a vítima tenta realizar uma transação e descobre que sua wallet já foi esvaziada, ou quando um saque iniciado pela interface nunca se concretiza on-chain. Nessa altura, o operador já detém o controle total de qualquer material de chave privada enviado. Os fundos transferidos para endereços gerados pela plataforma correm risco semelhante, pois o operador provavelmente detém as chaves privadas correspondentes. A recuperação de ativos drenados por uma interface de captura de credenciais é tecnicamente limitada pela irreversibilidade das transferências on-chain.
Red flags we documented.
- 01Hyphenated domain mimicking a recognised wallet brandThe domain my-ether-wallet.com inserts hyphens into a string visually identical to a well-established Ethereum wallet service. This typosquatting technique is a documented method for intercepting users who make minor address-bar errors or follow links without inspecting the full URL.
- 02CryptoScamDB blacklist confirmationThe domain appears in CryptoScamDB's publicly maintained blacklist, a community-vetted registry of addresses and URLs associated with confirmed crypto-fraud operations. Inclusion is based on reported evidence, not automated heuristics alone.
- 03Self-custody interface pattern invites key disclosurePlatforms that replicate self-custody wallet interfaces are a high-risk category because their core function, importing a wallet, requires the user to disclose the most sensitive possible credential: a private key or seed phrase. Legitimate self-custody tools process these locally and never transmit them.
- 04No verifiable operational history or responsible entityPhishing sites in this category are typically registered anonymously, hosted behind privacy-preserving infrastructure, and replaced rapidly after blacklisting. The absence of a verifiable legal entity, auditable codebase, or consistent operational history is consistent with a short-lived credential-harvesting operation.
- 05Arrival via misdirection rather than organic trustSites of this pattern rarely acquire users through legitimate reputation-building. Traffic typically originates from typos, lookalike search advertisements, or social-media phishing campaigns, signals that the operator is not competing on merit but on deception.
What you can do now.
Open a free 24-hour case assessment with CryptoLeek +
Tell us what happened. A senior analyst reads your file within 24 hours and replies with an honest yes/no/conditional on recovery. The assessment is free. If we cannot recover the funds we say so plainly, including which (free) regulator channel you should use instead. If we accept the case, we open a numbered case file and issue a written quote for a flat investigation retainer before any work begins, scoped to case complexity, the jurisdictions involved, and the on-chain trail.
Trace your funds on-chain with our analysts +
We trace stolen crypto across BTC, ETH, EVM L2s, Solana, Tron, and major stablecoins using the same toolchain as regulators and tier-1 exchange compliance teams. The output is a forensic report anchored to specific transaction hashes and block heights, the evidence that exchanges, payment processors, and counsel actually act on. Recovery starts here.
Recover with counsel where civil action makes sense +
Where the trace lands in a jurisdiction with cooperative banks and courts, we coordinate with bar-licensed counsel in our 40+ jurisdiction network for civil action and asset-freezing orders (Mareva-style). Counsel bill you directly; the CryptoLeek investigation retainer is independent of counsel fees. The outcome is funds released back to your nominated wallet or bank account.