Phishers and scammers can’t get enough of sending their feeble attempts to Malwarebytes’ employees. For which we can’t thank them enough because it means we can warn you, our readers.
This time the scammers tried to impersonate Best Wallet—an app that lets people store, send, and receive cryptocurrencies like Bitcoin and Ethereum directly on their own device, without needing a middleman or a bank.
The aim of this scam: to trick people into connecting their cryptocurrency wallets to a fake site, giving scammers a way to steal private keys, seed phrases, or other payment details.
There are many cryptocurrency-based scams around, but this one is a little different.
“BestWallet : You are eligible for our event !”
The shortened URL leads to https://bestwallet-event[.]com/.
To avoid detection by bots and researchers, the website is behind a Captcha—which also builds a bit of false trust, since it’s something visitors expect to see.
Solving the Captcha brings the target to a rather convincing copy of the real bestwallet(.com) website, featuring the so-called event.
For those new to cryptocurrencies, an “airdrop” is a giveaway of a new or existing cryptocurrency to promote awareness or reward supporters of a project or platform.
On the surface the site looks very similar to the legitimate one, right down to the branding, visual assets, and even the FAQ content. But one thing stood out: the “Connect a Wallet” button in the top right-hand corner.
The real site only provides links to official app stores for downloads. It doesn’t include wallet connect options or payment forms.
If you were to tap that “Connect a Wallet” button, you’ll see these options:
This is the same menu you’ll see if you click the “Claim Token” or “Check Eligibility” buttons, by the way.
The code on the fake website also includes JavaScript elements that could copy/paste or intercept user inputs during wallet connections or transactions—unlike the official site, which directs users to app stores for all sensitive actions.
From all this it seems obvious the scammers’ goal is to phish wallet credentials, private keys, seed phrases or steal payment details. These attacks are often disguised in interactive buttons/forms that the real site never uses outside the regulated app or store environments.
How to stay safe
Besides the golden rule–that when it sounds too good to be true, it probably is, or at least deserves extra scrutiny–there are a few other tips to stay out of the scammers’ claws:
- Don’t respond to unsolicited text messages.
- Never click on links in messages before verifying the destination. Scammers use shortened URLs to hide impersonation domains.
- Use up-to-date real-time protection on your devices, preferably with a web protection component:
- If you see any prompt for wallet connection, seed phrase, or card details directly in the browser, close the tab immediately. That’s a strong sign the site is fake and attempting to steal your cryptocurrency.
- If you’re unsure whether a message is a scam, submit it to Malwarebytes Scam Guard and it will help you decide and provide advice.
We don’t just report on scams—we help detect them
Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!
