Fake Multichain Website Scam

A recent incident involved a DeFi enthusiast visiting what appeared to be the official Multichain bridge—only to have their wallet drained within moments. In these fraudulent schemes, cyber-criminals craft near-perfect clones of legit cryptocurrency platforms. Connected wallets trigger malicious smart contracts that siphon off every last token.

---

Threat Overview

Category: Phishing / Scam (Cryptocurrency Drainer)
What It Targets: Users’ Web3 wallets (e.g., MetaMask, Trust Wallet)
Why It Matters: Once a wallet signs the malicious contract, automated transactions transfer all assets to attacker-controlled addresses—irreversible on public blockchains.

---

In-Depth Analysis

Infection Vector

1. Malvertising & Pop-Ups: Victims click ads promising “bonus rewards” or “airdrop claims.”
2. Social Media Spam: Phony tweets or DMs lure users with links to the scam domain.
3. Typosquatting: Slightly misspelled URLs (e.g., arbiusclaim.pages.dev) masquerade as legit Multichain pages.

Behavioral Profile

1. Site Impersonation: Delivers a near-identical UI copy of multichain.org.
2. Wallet Connection Prompt: Users are asked to “Connect Wallet” under the guise of claiming DeFi rewards.
3. Malicious Contract Approval: Behind the scenes, the site triggers a smart-contract approval granting transfer rights.
4. Automated Draining: Smart contract executes, moving all ERC-20 and NFT assets to attacker wallets.

Risk Assessment

• Financial Impact: Victims report losses ranging from a few hundred dollars to six-figure sums.
• Traceability: Crypto transactions are pseudonymous and irreversible—no chargebacks.
• Prevalence: Reports since 2021 show tens of thousands of crypto scam incidents with losses exceeding a billion dollars.

---

Artifact Text

Below is the scam site’s front-end summary as discovered by researchers:

Threat Summary: 
Name: "Fake Multichain Website" crypto drainer  
Threat Type: Phishing, Scam, Social Engineering, Fraud, Cryptocurrency Drainer  
Disguise: Multichain  
Related Domains: arbiusclaim.pages.dev  
Detection Names: Combo Cleaner (Phishing), CyRadar (Malicious), Emsisoft (Phishing), Trustwave (Phishing), Webroot (Malicious)  
Distribution Methods: Compromised websites, social media spam, rogue pop-up ads, PUA bundles  
Damage: Monetary loss  
Severity: High  

Dealign with Crypto Scams – Method 1: Manual Removal Guide

Follow these steps to manually remove crypto scams and protect your system.

Step 1: Identify the Crypto Scam Source

• Check if you’ve been contacted by a scammer through email, Telegram, Discord, WhatsApp, or social media.
• Identify any malicious software installed on your system, such as fake wallet apps or browser extensions.
• Scan your browser history and emails for phishing links.

Step 2: Report and Freeze Crypto Transactions (If Possible)

• Contact your crypto exchange immediately if you suspect fraud.
• Check if your transaction is pending (some blockchains allow canceling or replacing a transaction).
• Report the scam to authorities such as:
  • FBI Internet Crime Complaint Center (IC3)
  • U.S. Securities and Exchange Commission (SEC)
  • Federal Trade Commission (FTC)

Step 3: Remove Malicious Software and Fake Wallet Apps

1. Windows Users:
   • Open Control Panel > Programs and Features
   • Look for unknown apps related to crypto wallets or trading bots.
   • Click Uninstall.
2. Mac Users:
   • Open Finder > Applications
   • Locate suspicious apps and drag them to the Trash.
3. On Mobile (Android & iOS):
   • Go to Settings > Apps (Android) or General > iPhone Storage (iOS).
   • Uninstall any unrecognized crypto wallet apps.

Step 4: Clear Browser Data and Remove Malicious Extensions

1. Google Chrome:
   • Go to chrome://extensions/
   • Remove unfamiliar or suspicious extensions.
2. Firefox, Edge, Safari:
   • Open settings and remove unauthorized extensions.
3. Clear Cache & Cookies:
   • Open browser settings → Privacy → Clear browsing data

Step 5: Reset Passwords & Enable Two-Factor Authentication (2FA)

• Change passwords for your crypto exchanges, wallets, and emails.
• Use a strong, unique password for each account.
• Enable 2FA on all critical accounts (Google Authenticator or YubiKey recommended).

Step 6: Scan for Malware and Keyloggers

Even if you removed software manually, some malware can still lurk in your system. Use a security tool to perform a deep scan (see SpyHunter method below for an automatic removal process).

Step 7: Monitor Your Accounts & Funds

• Track your crypto wallet transactions using Etherscan or Blockchain Explorer.
• Keep an eye on email login alerts from suspicious locations.
• Use a hardware wallet (Ledger, Trezor) for better security.

---

Method 2: Automatic Removal Using SpyHunter

For a fast and reliable way to remove crypto scam-related malware, use SpyHunter.

Step 1: Download SpyHunter

Step 2: Install SpyHunter

1. Run the SpyHunter setup file.
2. Follow the on-screen installation steps.
3. Open SpyHunter once installed.

Step 3: Perform a Full System Scan

1. Click on "Start Scan Now" to analyze your system.
2. Wait for the scan to detect crypto scam malware, spyware, keyloggers, and phishing trojans.

Step 4: Remove Threats Automatically

1. Click "Fix Threats" after the scan completes.
2. SpyHunter will eliminate malware, fake apps, and browser hijackers.

Step 5: Protect Your System from Future Crypto Scams

• Enable SpyHunter's Real-Time Protection to block phishing sites and prevent future infections.
• Regularly scan your system for new threats.

---

Prevention Tips: How to Avoid Crypto Scams in the Future

• Always verify website URLs before logging into exchanges or wallets.
• Avoid unsolicited investment offers on Telegram, Discord, and email.
• Never share your private keys or recovery phrases with anyone.
• Use a hardware wallet instead of online wallets.
• Regularly update your antivirus and anti-malware software.
• Be skeptical of high-return crypto investment schemes.

---

Conclusion

Fake Multichain website scams exploit trust in DeFi bridges to steal digital assets instantly. Vigilance—verifying URLs, avoiding unsolicited “airdrop” links, and using reputable anti-phishing tools—is critical. Early detection prevents irreversible fund losses.