How the scam operates.
The site presents itself as a legitimate Ethereum wallet interface, drawing on the naming conventions of MyEtherWallet, a widely-recognised self-custody wallet tool. The domain reproduces the MyEtherWallet name within an unconventional top-level structure, positioning it to intercept users navigating toward the genuine service via mistyped URLs or manipulated search results. The apparent target audience is Ethereum holders seeking self-custody wallet access.
Operations of this pattern function as credential-harvesting fronts. A replica interface prompts users to submit private keys, seed phrases, or keystore files under the pretence of wallet access or account recovery. The operator collects these credentials silently; the user may encounter a plausible error message or loading screen while submitted data is transmitted to infrastructure controlled by the operator. At no point does the user gain access to a functional wallet.
The moment of discovery typically arrives when users return to their genuine wallet and find holdings absent, or attempt a transaction and encounter failures that cannot be explained by network conditions. By this point the operator has transferred assets to addresses outside the victim's control. Recovery efforts are complicated by the pseudonymous nature of on-chain movements and the complete absence of any verifiable organisational identity behind the fraudulent domain.
Red flags we documented.
- 01Lookalike brand impersonation via domain nameThe domain reproduces the name of a well-known, legitimate Ethereum wallet service within an unconventional top-level structure. This is a recognised hallmark of phishing operations engineered to intercept users before they reach the genuine service. MyEtherWallet, the brand being imitated, has no association with this domain.
- 02Unconventional top-level domain signals no accountabilityEstablished wallet providers operate under standard, verifiable top-level domains with traceable registration histories. The use of a non-standard top-level identifier here provides no institutional accountability and no established trust signal. Legitimate financial services do not operate under structures of this kind.
- 03CryptoScamDB blacklist listingThe domain is listed on the CryptoScamDB community blacklist, a broadly referenced index maintained by security researchers who actively catalogue fraudulent cryptocurrency infrastructure. Inclusion reflects documented community reporting of harmful activity associated with the domain.
- 04Credential-harvesting risk profile consistent with wallet-impersonator patternWallet-interface impersonators of this type are built specifically to capture private keys or seed phrases, which grant irreversible access to all funds in the associated wallet. Any site presenting itself as a wallet login or recovery tool that is not the independently verified original carries a substantive theft risk.
- 05No verifiable operator identity or regulatory presenceNo company registration, regulatory filing, or traceable organisational identity is associated with this domain. Legitimate wallet services maintain public accountability channels and verifiable legal entities. The complete absence of any such presence removes any basis for trust or recourse.
What you can do now.
Open a free 24-hour case assessment with CryptoLeek +
Tell us what happened. A senior analyst reads your file within 24 hours and replies with an honest yes/no/conditional on recovery. The assessment is free. If we cannot recover the funds we say so plainly, including which (free) regulator channel you should use instead. If we accept the case, we open a numbered case file and issue a written quote for a flat investigation retainer before any work begins, scoped to case complexity, the jurisdictions involved, and the on-chain trail.
Trace your funds on-chain with our analysts +
We trace stolen crypto across BTC, ETH, EVM L2s, Solana, Tron, and major stablecoins using the same toolchain as regulators and tier-1 exchange compliance teams. The output is a forensic report anchored to specific transaction hashes and block heights, the evidence that exchanges, payment processors, and counsel actually act on. Recovery starts here.
Recover with counsel where civil action makes sense +
Where the trace lands in a jurisdiction with cooperative banks and courts, we coordinate with bar-licensed counsel in our 40+ jurisdiction network for civil action and asset-freezing orders (Mareva-style). Counsel bill you directly; the CryptoLeek investigation retainer is independent of counsel fees. The outcome is funds released back to your nominated wallet or bank account.