How the scam operates.
myetherwallet.com.co operates as a brand-impersonation site, mimicking the visual identity and domain structure of a widely used, legitimate Ethereum wallet interface. The .com.co top-level domain is chosen deliberately: it is visually close enough to the authentic .com address that users arriving via search results, phishing links, or mistyped URLs may not notice the discrepancy. The intended audience is holders of Ethereum-based assets seeking to access or manage a self-custody wallet.
Once a visitor lands on the site, the typical mechanic involves soliciting sensitive credentials: private keys, seed phrases, or signed authorisation requests. These are the master credentials of any non-custodial Ethereum wallet; they cannot be reset or revoked. Any operation presenting a recovery or login form that requests this information is collecting the means to drain the associated wallets entirely and irrevocably. Possession of a seed phrase alone is sufficient to transfer all holdings.
The breakdown typically occurs after the fact. Victims notice outgoing transactions they did not authorise, or find their wallet balance reduced to zero. Because Ethereum transactions are irreversible and pseudonymous, and the operator controls the destination address, blockchain-level recovery is not possible without tracing and legal intervention. At this stage, victims are frequently targeted a second time by fraudulent recovery services that exploit the same distress.
Red flags we documented.
- 01Domain constructed to mimic a recognised wallet brandThe .com.co suffix is a well-documented technique for creating domains that appear legitimate at a glance. The full string myetherwallet.com.co exploits brand recognition built by a genuine service, routing traffic intended for that service toward an operation designed to harvest credentials.
- 02CryptoScamDB blacklist confirmationThe domain appears in the CryptoScamDB community blacklist, an open-source registry maintained by security researchers. Blacklist inclusion reflects reported harm or verified phishing behaviour, not mere suspicion.
- 03Private-key or seed-phrase solicitation patternAny site presenting itself as a self-custody wallet interface that requests a seed phrase or private key is operating outside all legitimate norms. No authentic wallet service requires these credentials to be entered online. This is a defining signal of a credential-harvesting operation.
- 04No verifiable operator identity or regulatory footprintThe domain carries no documented corporate registration, no named principals, and no regulatory authorisation in any jurisdiction. Legitimate financial services maintain at minimum a traceable corporate presence. The absence of any such footprint is consistent with an operation designed to be abandoned after use.
- 05Secondary fraud exposure following initial lossVictims of credential-theft operations are frequently targeted by follow-on recovery fraud. Having disclosed distress publicly or through contact forms, they become targets for operators claiming to offer asset recovery. Engagement with unsolicited recovery services carries a high risk of compounding the original harm.
What you can do now.
Open a free 24-hour case assessment with CryptoLeek +
Tell us what happened. A senior analyst reads your file within 24 hours and replies with an honest yes/no/conditional on recovery. The assessment is free. If we cannot recover the funds we say so plainly, including which (free) regulator channel you should use instead. If we accept the case, we open a numbered case file and issue a written quote for a flat investigation retainer before any work begins, scoped to case complexity, the jurisdictions involved, and the on-chain trail.
Trace your funds on-chain with our analysts +
We trace stolen crypto across BTC, ETH, EVM L2s, Solana, Tron, and major stablecoins using the same toolchain as regulators and tier-1 exchange compliance teams. The output is a forensic report anchored to specific transaction hashes and block heights, the evidence that exchanges, payment processors, and counsel actually act on. Recovery starts here.
Recover with counsel where civil action makes sense +
Where the trace lands in a jurisdiction with cooperative banks and courts, we coordinate with bar-licensed counsel in our 40+ jurisdiction network for civil action and asset-freezing orders (Mareva-style). Counsel bill you directly; the CryptoLeek investigation retainer is independent of counsel fees. The outcome is funds released back to your nominated wallet or bank account.