How the scam operates.
A operação se apresenta como um serviço legítimo de wallet Ethereum com padrão bancário. Ao combinar um nome estreitamente associado a um conhecido provedor de wallet com o domínio de topo .bank, que normalmente é restrito a instituições financeiras reguladas, o site projeta um sinal duplo de familiaridade e credibilidade institucional. O alvo provável é qualquer usuário de Ethereum que busque acesso a uma wallet, em especial aqueles que talvez não examinem as URLs com cuidado ou que presumam que o sufixo .bank indica supervisão regulatória formal.
Operações construídas sobre esse modelo costumam funcionar como infraestrutura de Phishing para coleta de credenciais. Os visitantes encontram uma interface projetada para replicar fielmente um serviço de wallet confiável, induzindo-os a fornecer seed phrases, chaves privadas ou aprovações de conexão da wallet. Quaisquer credenciais inseridas são capturadas pelo operador. Em algumas variantes, o site inicia transferências de tokens não autorizadas imediatamente após a conexão; em outras, as credenciais coletadas são armazenadas e usadas mais tarde, permitindo que o operador esvazie as wallets no momento de sua escolha e dificultando a atribuição.
O momento da descoberta costuma chegar depois que o usuário já enviou uma seed phrase ou chave privada, ou depois que ele percebe transações de saída não autorizadas a partir de uma wallet vinculada. A essa altura, o operador já detém tudo o que é necessário para acessar a conta. As transações em blockchain são irreversíveis, e os operadores que mantêm infraestrutura de personificação desse tipo tendem a consolidar e movimentar os fundos rapidamente. A janela para qualquer intervenção significativa é estreita, e a recuperação de ativos transferidos apenas por meios técnicos raramente é possível.
Red flags we documented.
- 01Brand impersonation via domain nameThe domain reproduces the name of a widely recognised Ethereum wallet service almost exactly, combined with a different top-level domain. This is a textbook typosquatting and brand-impersonation technique, intended to intercept users who trust the original brand and may not examine the full URL before proceeding.
- 02Misuse of the .bank TLD as a trust signalThe .bank top-level domain is subject to strict eligibility requirements and is conventionally associated with regulated banking institutions. Its use here appears designed to imply formal financial oversight that this operation does not hold, exploiting user assumptions about domain-name gatekeeping to lower vigilance.
- 03Presence on an independent fraud intelligence databaseThe domain is listed on the CryptoScamDB blacklist, an independently maintained registry of confirmed malicious cryptocurrency-related domains and addresses. Inclusion indicates the site has been identified through community reporting or automated detection as actively harmful to users.
- 04No verifiable operator identity or regulatory footingPhishing operations built around brand impersonation characteristically provide no verifiable information about the entity behind the service: no company registration, no licence numbers, no physical address. This absence is structurally consistent with an operation designed to be abandoned and replaced once detected by fraud databases or wallet providers.
- 05Private-key entry through a web interface is a critical warning patternAny platform prompting users to enter seed phrases or private keys into a browser-based form should be treated as high-risk by default. Reputable, non-custodial wallet providers do not require users to submit these credentials through web interfaces, making any such prompt a strong indicator of credential-harvesting intent.
What you can do now.
Open a free 24-hour case assessment with CryptoLeek +
Tell us what happened. A senior analyst reads your file within 24 hours and replies with an honest yes/no/conditional on recovery. The assessment is free. If we cannot recover the funds we say so plainly, including which (free) regulator channel you should use instead. If we accept the case, we open a numbered case file and issue a written quote for a flat investigation retainer before any work begins, scoped to case complexity, the jurisdictions involved, and the on-chain trail.
Trace your funds on-chain with our analysts +
We trace stolen crypto across BTC, ETH, EVM L2s, Solana, Tron, and major stablecoins using the same toolchain as regulators and tier-1 exchange compliance teams. The output is a forensic report anchored to specific transaction hashes and block heights, the evidence that exchanges, payment processors, and counsel actually act on. Recovery starts here.
Recover with counsel where civil action makes sense +
Where the trace lands in a jurisdiction with cooperative banks and courts, we coordinate with bar-licensed counsel in our 40+ jurisdiction network for civil action and asset-freezing orders (Mareva-style). Counsel bill you directly; the CryptoLeek investigation retainer is independent of counsel fees. The outcome is funds released back to your nominated wallet or bank account.