A major phishing scheme has been uncovered in the cryptocurrency ecosystem involving a deceptive website, signature[.]land, that mimicked a legitimate wallet authorization management tool.
The scam was brought to light by cybersecurity firm SlowMist, which assisted a victim who had unknowingly pasted their private wallet key into the fraudulent site.
Believing they were resolving a “risky authorization,” the victim was duped by the site’s professional appearance, which was intentionally crafted to resemble trusted tools like Revoke.
Once the private key was submitted, it was immediately transmitted to an email address controlled by the attackers, compromising the user’s assets within seconds.
Scammer Poses as Security Expert to Gain Credibility and Spread Misinformation
The attacker behind this scheme operated under the online alias @Titanspace3 and used advanced social engineering to gain victims’ trust.
Masquerading as a security expert, the scammer stole the identity of respected crypto investigator @zachxbt, using their profile image and pretending to be part of the SlowMist team.
In an alarming twist, the scammer also managed a verified X account with more than 74,000 followers, which was used to reply to posts by crypto users.
These replies warned of fake “risky wallet activity” and included links to the phishing site, where victims were tricked into giving up sensitive wallet credentials under the false pretense of protecting their assets.
ScamSniffer and SlowMist Confirm Site’s Malicious Behavior
Following the initial reports, ScamSniffer, a Web3 anti-phishing platform, and SlowMist jointly confirmed the malicious nature of the signature[.]land site.
Their investigation revealed that the website generated fake threat warnings for any wallet address entered, pressuring users to act urgently.
The method capitalized on fear and urgency, common psychological triggers used in phishing attacks.
All submitted information was routed to abpulimali@gmail[.]com, a clear indicator of centralized data theft.
The site’s infrastructure and behavior were built solely to harvest private keys, not to assess real wallet risks, further confirming its sole purpose as a phishing trap.
Also Read: Blockchain Investigator Flags Usual Protocol Attack of $43K, Vault Suspended
Crypto Community Urged to Be Cautious Amid Evolving Threat Landscape
In light of this alarming incident, SlowMist has issued a public advisory emphasizing that private keys should never be entered on any website, regardless of how credible it appears.
Users are urged to only use verified tools from official sources and adopt a zero-trust policy when interacting with unknown platforms or individuals online.
The scam highlights the increasing sophistication of phishing attacks within the Web3 space, where attackers now manipulate trusted identities and professional-looking sites to deceive users.
As threats evolve, the best defense remains user education, digital skepticism, and strict adherence to secure practices in managing crypto assets.
Also Read: Crypto Investigator Warns Against Fake HyperLend Ads On Google That Could Lead to Phishing Scams