How the scam operates.
The domain myetherwallet.americanexpress is constructed to imply an institutional or co-branded cryptocurrency wallet offering, presenting as though it carries the authority of a major financial organisation. The naming convention suggests legitimacy by association, targeting users who might trust the constituent brand names independently. The surface presentation likely mimics the interface of a recognised Ethereum wallet service, lending it visual credibility.
Operations of this pattern function as credential-harvesting instruments. Visitors are typically prompted to enter sensitive wallet data, including private keys, seed phrases, or similar authorisation credentials, under the pretence of accessing or restoring a wallet. Once this information is submitted, the operator gains irreversible access to the victim's on-chain assets. There is no functional wallet service; the interface exists solely to extract credentials.
The point of failure for victims typically arrives when expected wallet functionality does not materialise, or when on-chain transaction records reveal unauthorised transfers initiated immediately after credential submission. At this stage, assets are ordinarily unrecoverable through conventional means, as blockchain transactions are irreversible by design. The operator leaves no traceable customer support channel, and the domain typically becomes unreachable once scrutiny increases.
Red flags we documented.
- 01Compound brand impersonation in domain constructionThe domain combines the name of a widely-used Ethereum wallet platform with that of a major global financial institution. Neither brand has any documented association with this domain. This construction is a deliberate trust signal designed to lower a visitor's guard before credentials are solicited.
- 02Listed on the CryptoScamDB blacklistThis domain appears directly on the CryptoScamDB community blacklist, a collaboratively maintained registry of addresses and URLs associated with fraudulent activity in the cryptocurrency ecosystem. Blacklist inclusion reflects documented reports of harmful behaviour linked to this domain.
- 03No verifiable regulatory or institutional affiliationDespite the domain's implied association with a recognised financial institution, there is no public record of any licence, registration, or partnership that would authorise this domain to operate as a financial service or wallet provider of any kind.
- 04Pattern consistent with credential-harvesting operationsDomains structured to mimic legitimate wallet interfaces are a well-documented attack vector in cryptocurrency fraud. The operational pattern involves collecting private keys or seed phrases under false pretences, granting the operator permanent, irreversible access to victim funds.
- 05Domain structure characteristic of brand-jackingThe use of a well-known wallet name as a subdomain prefix, combined with the name of an unrelated financial institution as the apparent root domain, is characteristic of brand-jacking rather than legitimate service delivery. Genuine wallet services operate under their own verified and independently registered domains.
What you can do now.
Open a free 24-hour case assessment with CryptoLeek +
Tell us what happened. A senior analyst reads your file within 24 hours and replies with an honest yes/no/conditional on recovery. The assessment is free. If we cannot recover the funds we say so plainly, including which (free) regulator channel you should use instead. If we accept the case, we open a numbered case file and issue a written quote for a flat investigation retainer before any work begins, scoped to case complexity, the jurisdictions involved, and the on-chain trail.
Trace your funds on-chain with our analysts +
We trace stolen crypto across BTC, ETH, EVM L2s, Solana, Tron, and major stablecoins using the same toolchain as regulators and tier-1 exchange compliance teams. The output is a forensic report anchored to specific transaction hashes and block heights, the evidence that exchanges, payment processors, and counsel actually act on. Recovery starts here.
Recover with counsel where civil action makes sense +
Where the trace lands in a jurisdiction with cooperative banks and courts, we coordinate with bar-licensed counsel in our 40+ jurisdiction network for civil action and asset-freezing orders (Mareva-style). Counsel bill you directly; the CryptoLeek investigation retainer is independent of counsel fees. The outcome is funds released back to your nominated wallet or bank account.