Skip to content

Comments

Add warnonsol.top to blocklist#1766

Open
NoirReports wants to merge 1 commit intophantom:masterfrom
NoirReports:flag-warnonsol-top-1771613866929
Open

Add warnonsol.top to blocklist#1766
NoirReports wants to merge 1 commit intophantom:masterfrom
NoirReports:flag-warnonsol-top-1771613866929

Conversation

@NoirReports
Copy link

@NoirReports NoirReports commented Feb 20, 2026

Blocklist Addition: warnonsol.top

Summary

Adding warnonsol.top to the Phantom blocklist. This domain is an active Solana wallet drainer — it prompts users to connect their Phantom wallet and then submits malicious transactions to steal all SOL and SPL tokens.

Evidence

(no automated scan available)

Domain Intelligence

(no WHOIS/intel data available)

Attack Details

  • Target: Phantom and other Solana wallet users
  • Method: Fake dApp UI → wallet connection prompt → malicious drain transactions
  • Impact: Complete wallet drain (SOL + all SPL tokens)
  • Distribution: Social media, Discord DMs, fake airdrop campaigns
  • Technical: Obfuscated JS, anti-analysis techniques, transaction simulation spoofing

Verification

  • Confirmed the domain is actively malicious
  • Domain is not already on the blocklist
  • Simultaneously reported to MetaMask, Solflare, ScamSniffer, and Google Safe Browsing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@NoirReports