How the scam operates.
Esta operação se apresenta como uma interface legítima de carteira Ethereum, explorando uma peculiaridade de renderização dos navegadores conhecida como ataque homógrafo de punycode. O domínio codifica caracteres Unicode que são renderizados de forma visualmente indistinguível de um provedor de carteira Ethereum bem estabelecido. O público-alvo é qualquer pessoa que busque esse provedor ou que siga um link de phishing. A apresentação superficial, layout, identidade visual, esquema de cores, costuma ser clonada do serviço legítimo para reforçar a ilusão de autenticidade.
O mecanismo operacional é a coleta de credenciais, não a fraude de investimento. Visitantes que acreditam estar acessando uma carteira genuína são instruídos a enviar sua chave privada, seed phrase mnemônica ou arquivo keystore para 'desbloqueá-la'. O operador captura essas credenciais no lado do servidor no momento do envio. Como as chaves privadas de Ethereum concedem acesso incondicional e irreversível aos fundos on-chain, o operador pode esvaziar as carteiras associadas imediatamente ou em lotes. Não há um envolvimento prolongado, a fraude se resolve em uma única interação.
O ponto de falha só se torna aparente depois que as vítimas percebem que os fundos sumiram ou notam, por meio de um aviso do navegador ou alerta de lista negra, que o domínio visitado diferia do pretendido. A essa altura, os ativos normalmente já foram transferidos para endereços intermediários e dispersados por mixers ou chain-hopping. O operador não deixa canal de atendimento ao cliente, identidade corporativa nem presença recuperável. As vítimas ficam com um registro público na blockchain, mas sem nenhuma contraparte acionável.
Red flags we documented.
- 01Punycode homograph impersonation patternThe domain is registered in punycode (xn-- prefix) to encode Unicode characters that render as visually similar Latin glyphs in browser address bars. This technique exists solely to deceive, no legitimate wallet provider operates through a homograph of its own brand.
- 02Private-key entry on a third-party domainAny interface that solicits a raw private key, seed phrase, or keystore file outside locally installed software is operating outside all accepted security norms. Legitimate non-custodial wallet services never require server-side submission of these credentials.
- 03CryptoScamDB blacklist confirmationThe domain appears in the CryptoScamDB community blacklist, a maintained registry of cryptoasset phishing and fraud infrastructure. Blacklist inclusion reflects community-verified evidence of malicious intent, not merely suspicion.
- 04No verifiable organisational identityThe operation presents no auditable corporate registration, no named operators, and no regulatory standing in any jurisdiction. Absence of any accountable legal entity is a consistent feature of short-lived credential-harvesting infrastructure.
- 05Single-interaction, irreversible loss patternUnlike investment fraud, which sustains a relationship to extract further deposits, this pattern resolves in one session. Once a private key or seed phrase is submitted, all associated funds become accessible to the operator with no further victim action required.
What you can do now.
Open a free 24-hour case assessment with CryptoLeek +
Tell us what happened. A senior analyst reads your file within 24 hours and replies with an honest yes/no/conditional on recovery. The assessment is free. If we cannot recover the funds we say so plainly, including which (free) regulator channel you should use instead. If we accept the case, we open a numbered case file and issue a written quote for a flat investigation retainer before any work begins, scoped to case complexity, the jurisdictions involved, and the on-chain trail.
Trace your funds on-chain with our analysts +
We trace stolen crypto across BTC, ETH, EVM L2s, Solana, Tron, and major stablecoins using the same toolchain as regulators and tier-1 exchange compliance teams. The output is a forensic report anchored to specific transaction hashes and block heights, the evidence that exchanges, payment processors, and counsel actually act on. Recovery starts here.
Recover with counsel where civil action makes sense +
Where the trace lands in a jurisdiction with cooperative banks and courts, we coordinate with bar-licensed counsel in our 40+ jurisdiction network for civil action and asset-freezing orders (Mareva-style). Counsel bill you directly; the CryptoLeek investigation retainer is independent of counsel fees. The outcome is funds released back to your nominated wallet or bank account.