Nefarious cryptocurrency wallets have been a problem for as long as most people can remember. Before there were web wallets, most dubious wallets were shared as malware-infected executable wallet files for Bitcoin and the few altcoins that existed back then. These days, people just create fake online wallet services in an effort to attract people and money. XMR-Wallet.org is one of those wallets which practically screams fraud, as it is seemingly not operated by any Monero community member.
Beware of XMR-Wallet.org
Although XMR-Wallet’s website may look somewhat normal and professional, there have been a few reports of missing funds. That in itself is not entirely surprising, considering no one knows for sure who is operating this service. It is not an endorsed project by the XMR community, nor is it one of the recommended wallet solutions out there either. Depositing funds to this wallet is a recipe for losing money, as various users have seen transactions disappear or balances fail to update over the past few days.
Considering that this domain was only registered slightly over a week ago, it is very likely that it is a big scam in progress. The nameservers also seem to indicate it is hosted in Russia, which is another red flag. That’s not because we have anything against Russia, but the country is unfortunately known for its massive cybercrime scene. It is only normal that people would start connecting the dots when information like this presents itself.
A WHOIS query of XMR-Wallet.org shows it to be registered to an individual by the name of Stefan Dorner in Austria. It is possible the domain was registered with stolen credit card information, although that has not been confirmed at this point in time. It is not uncommon for cybercriminals to purchase web hosting and domain names with stolen credit cards, especially when it comes to setting up HYIP or other Ponzis.
A few Monero community members recently looked into this matter to determine whether or not this web wallet is nefarious. It seems the wallet will constantly generate new deposit addresses for the same integrated Monero wallet. The website template also appears to be a demo version, but it does the job of convincing novice XMR users by the look of things. Based on the source code, the creation of Monero addresses is also mainly done through text rather than by linking to an actual Monero wallet. It’s a very dubious setup; that much is evident.
It is unclear how many people have been scammed by this nefarious online Monero wallet service. One Reddit user reported losing 31 XMR due to this fraudulent scheme, but it is highly likely there are a lot of other victims out there. Similar wallet services are becoming all too common in the overall cryptocurrency world. Avoiding these scams is also a lot harder than it seems for novice users, as XMR-Wallet was not on the list of official Monero scams until now.
Moreover, it is unclear how people even came across this wallet to begin with, as it is not listed on any official site as a reputable online wallet. One possibility is that XMR-Wallet has appeared in paid ads above search engine results. If that is the case, companies such as Google really need to step up their games in this regard. We can only hope people will avoid this online wallet from now on before more money is lost.