Crypto Wallet Drain Scam
Attack Trigger
Fear of lost cryptocurrency + fake wallet support urgency
What Attackers Want
Entire crypto wallet balance — total and permanent loss
How This Attack Works
Scammers impersonate crypto wallet providers (Coinbase, MetaMask, Ledger) claiming your wallet has been compromised. They direct victims to a fake recovery portal that requests the seed phrase — which gives the attacker full, permanent control of the wallet. Seniors are increasingly targeted as crypto ownership expands to older demographics.
Red Flags to Watch For
- ✗Legitimate wallet providers never ask for your seed phrase by email
- ✗Sender domain is not the official wallet provider domain
- ✗"Wallet suspended" urgency designed to prevent careful thought
- ✗Support phone number leads to offshore call centre, not official support
Known Malicious Domains
These domains have been associated with this attack. Never click links going to these addresses.
- coinbase-wallet-alert.comMALICIOUS
- metamask-security-verify.netMALICIOUS
- crypto-wallet-support.comMALICIOUS
Glance automatically blocks emails from domains on this list. Domain list is not exhaustive — attackers register new domains continuously.
How Glance Stops This
- Domain similarity analysis catches lookalike sender addresses at millisecond speed
- SPF / DKIM / DMARC validation flags authentication failures before you ever see the email
- VirusTotal + Google Safe Browsing checks every link in real time
- Urgency language detection scores the email higher for manual review
- Known malicious domain blocklist updated continuously from live scan data
Don't wait to get hit.
Glance scans every incoming email against 12 detection layers — including the exact tactics described above — before it reaches your inbox.
Protect My Inbox — Free