Steam’s legal compass is a joke: they only bow to Washington and "any court in Russia." Still ZERO apologies for the Raivo Plavnieks (RastalandTV) disaster. The platform is a literal safe haven for drainer devs. Valve just takes their cut of the dirty money and looks away. 🗑️💸 #Steam #Scam

Because no response or action has been provided, and due to what appears to be deliberately false statements made to protect a fraud operator, we have forwarded the full investigation materials to @ICANN Contractual Compliance, relevant regulatory authorities, and law enforcement in the state where @NameSilo is registered. Concealment of and assistance in criminal activity is not something that should be ignored or covered up.

🚨 Someone lost ~$1.77M USDC after signing a phishing permit (gasless approval) signature on Ethereum. 🎣⚠️

We've now proven that @NameSilo's abuse team intentionally lied in their public response. The operator's own emails — written before NameSilo got involved — contradict every claim they made. NameSilo is covering for this operator. The reason is theirs to explain. Our job was the evidence. It's done. It's permanent. It's public. What happens next is between NameSilo, the operator, and the victims they both created. Good luck to both of them. @Phish_Destroy | phishdestroy.io

Honest question for @NameSilo: Who is this operator to you? Employee? Contractor? Friend of support staff? Relative? Because he told us "subpoena the registrar" like a man who already had your answer. 3 registrars suspended him. You wrote him a defense. Who pays for the stolen $2M+ — you or him? Victims can reach you at [email protected] and [email protected]. They will. #xmrwallet #NameSilo #MoneroScam #PhishDestroy

Let's be direct. @NameSilo is lying. They claimed xmrwallet[.]com was "compromised" — hacked by a third party. The operator's own emails to us, written BEFORE NameSilo got involved, prove the "hack" story was fabricated. We have the receipts. #xmrwallet #NameSilo #MoneroScam #PhishDestroy

Or did you also investigate and conclude that it’s not one of the 7 domains, 5 of which were successfully blocked? Or is a client who paid for 10 years simply impossible to ban?

@key_systems Are you a spokesperson for Scamer too? Just like NameSilo? Six reports have been ignored – is everything OK? xmrwallet[.]me

looks like 1 year ago? x.com/Phish_Destroy/status/1… x.com/Phish_Destroy/status/1… x.com/ImCryptOpus/status/202…

Is helping a scammer clear their VT record a new registrar service? We proved this wallet was created to steal funds from day one. The owner is actively wiping reviews and trying to take down entire GitHub accounts. Like client, like registrar.

🚨 THREAD: @NameSilo is acting as press secretary for a $2M+ Monero theft operation. xmrwallet[.]com steals private keys since 2016. 6 security vendors flag it. 3 registrars suspended it. NameSilo called the scammer "the victim" and is helping him remove @virustotal warnings. Our investigation 👇

🚨 INVESTIGATION: NiceNIC — The Bulletproof Registrar Behind Global Cybercrime After our abuse reports went unanswered, Decodecybercrime.com went deep: corporate shells, blockchain money trails, and a registrar enabling phishing, malware, scams & illegal pharma at scale. ICANN, registries, payment processors — it's time to act. 🔗 decodecybercrime.com/nicenic… #Cybercrime #Phishing #ThreatIntel #OSINT #ICANN #InfoSec

Taking Safe Harbor on-chain? Our On-Chain Adoption Guide shows you how to implement the framework directly into your smart contracts: frameworks.securityalliance.…

Our friends—or rather, the friends of scammers, lockers, malware, stealers, and other criminals—have a desire to read our articles and even bought themselves a premium in Telegram. HOORAY. But yeah. And by the way, they are Russian, and that's exactly the point here. That’s why Russian groups are being defended, and there’s a scent of impunity. We’re expecting 'Investigation v2,' while 'NiceNick' continues to protect his partners-in-profit and state hacking attacks in the interests of Russia.

🚨 ALERT: ZachXBT says a threat actor exposed a $23M wallet during an argument, linked to $90M+ in suspected stolen US govt funds.

1/ Meet the threat actor John (Lick), who was caught flexing $23M in a wallet address directly tied to $90M+ in suspected thefts from the US Government in 2024 and multiple other unidentified victims from Nov 2025 to Dec 2025.

Is everything okay with you?

🚨 They DM'd me promising quick cash as a Discord moderator... Their scam attempt turned into a face reveal 😈 Exposed. (A thread 🧵) Repost, Like and enjoy the story below... 1/11

oopsies 🤭

Based on multiple OSINT investigations, NiceNIC functions as if its only priority is keeping scam infrastructure alive. While every other registrar removes fraudulent domains, NiceNIC consistently ignores abuse, dismisses regulators, and leaves victims exposed. Their behavior places them at the core of today’s global scam ecosystem — without their platform, the scale of online fraud would be dramatically smaller. Full investigation: phishdestroy.medium.com/nice… Tagging for oversight: @ICANN @FBIDirectorKash @TrustWallet

Is this truly acceptable from an ICANN-accredited registrar? A significant portion of the phishing, drainer, and scam domains we track end up being registered specifically through NiceNIC. Yet every time full evidence is submitted — URLs, screenshots, timestamps, URLScan intelligence, VirusTotal detections, and complete PDF reports — the response is always the same: “Not enough information.” So this raises an even more serious question: If all that is somehow “insufficient evidence” for NiceNIC to act on clearly malicious domains, then what is considered sufficient for maintaining ICANN accreditation? Because right now the pattern looks like this: • large numbers of confirmed threats registered under the same registrar, • fully documented abuse reports submitted repeatedly, • zero action taken, • automated denials each time, • malicious infrastructure left online for weeks or months. At what point does this stop being “slow processing” and start becoming a compliance issue? And how does a registrar explain rejecting complete verifiable evidence while simultaneously being the registration source for so many identical malicious domains? This situation cannot continue without oversight. @NiceNIC_NET @ICANN @apwg @Shadowserver @spamhaus @GlobalCyberAlln

Dear Reporter, Thank you for submitting your report. We have received your message and appreciate the effort to keep the Internet safe. However at this stage the information provided is not sufficient for our team to verify the issue or to determine the nature of the reported activity. Reports we receive may involve many different categories including DNS abuse content related matters commercial disputes impersonation fraud allegations intellectual property claims or other types of online misuse. For each category we are required to review the evidence based on the policies of ICANN registries and applicable laws. To proceed with a proper review we kindly ask you to provide clear and verifiable evidence that directly shows the issue you are reporting. Useful information includes full URLs of the specific webpages involved screenshots that clearly show the content the domain name and the URL visible in the browser the date and time of observation technical indicators such as mail headers server responses or scan results when applicable and any explanation of how the reported activity relates to the harm described in the complaint. Please note that registrars are required to distinguish between DNS level abuse and matters related to general website content business disputes or the legality of products or services. Some categories must be handled by the website operator the hosting provider the merchant platform the payment processor or the appropriate law enforcement agency rather than at the domain level. We will review the evidence you provide and take the appropriate action based on the policies that apply. As soon as we receive clear supporting evidence our abuse team will reopen the case immediately and conduct a full review in line with ICANN requirements and registry rules. Thank you for your understanding and cooperation. Best regards, NiceNIC Abuse Team ICANN Accredited Registrar since 2012 Domains | Reseller API | Business Email | SSL Certificates | Servers

🚨 #Scam ALERT 🚨 🎥 Fraudulent stream detected: youtube.com/watch?v=XnBSjVES… Topics: #Cybersecurity #Cybersec #Streamjacking #YouTubeScam Tagging for awareness: 📢@seal @_SEAL_Org @VitalikButerin @saylor Stay vigilant and avoid suspicious links! 📩 Report scams to protect others.

🚨 Someone lost $229,951 in aEthLBTC and aArbWETH after signing multiple phishing signatures.

🚨 New #metamask phishing scam alert Attackers are impersonating a “2FA security verification” flow, redirecting users via look-alike domains to fake security warnings with countdown timers and “authenticity checks.” The final step asks for your wallet recovery phrase — once entered, funds are stolen. ⚠️ Stay alert. cc @im23pds

🚨 Someone lost $1.08M worth of $aEthLBTC after signing a malicious "permit" signature.

🚨 Scam Sniffer 2025 Report is out! Crypto phishing losses dropped 83% — $494M → $83.85M, with 106K victims (-68%). But the threat followed the market: Q3 rally = highest losses. EIP-7702 exploitation emerged post-Pectra. Full report 👇 drops.scamsniffer.io/scam-sn…

Per @zachxbt on Telegram... An ongoing attack is impacting hundreds of wallets across various EVM chains, with funds being siphoned in small amounts (generally under $2,000 per wallet). The underlying cause remains unknown. Losses currently exceed $107,000 and are continuing to increase. Suspicious address: 0xAc2e5153170278e24667a580baEa056ad8Bf9bFB DeBank: debank.com/profile/0xAc2e515…

Watching SEAL Grow Up: Our 2025 Story This year proved that security doesn’t mature in isolation. It grows through collaboration over competition. We launched initiatives & the industry adopted them. Partners showed up. Researchers contributed. Companies trusted us. That’s what growth looks like. Here’s a snip it of what we accomplished with all of your support👇 SEAL Safe Harbor In February, we celebrated our Safe Harbor Agreement turning one. By October, we awarded our first Safe Harbor Champions based on your votes to @AlchemixFi and @Cointelegraph. SEAL Safe Harbor is now protecting $70B+ in assets across 21 protocols and multiple blockchains! SEAL Intel Our threat intelligence team tracked and exposed multiple major threat actors this year, including: - ELUSIVE COMET: radar.securityalliance.org/2… - PERPETUAL DRAINER: radar.securityalliance.org/2… - SLOVENLY COMET: radar.securityalliance.org/2… + We launched the Phishing Defense Network for real-time detection and protection against advanced phishing threats with founding partners @MetaMask, @WalletConnect, @Backpack, and @phantom. radar.securityalliance.org/2… + We built something genuinely new: cryptographic verification to solve the cloaking problem. radar.securityalliance.org/2… Watching SEAL Intel mature into this coordinated response force? That’s good stuff. 💙 SEAL Frameworks This year, we officially launched SEAL Frameworks (community-driven security playbooks) + published free resources in a dozen different aspects of web3 security, including: - Community Management - Security Awareness - Incident Management - Operational Security - Wallet Security - Multisig for Protocols - External Security Reviews - Domain & DNS Security - DPRK IT Workers - Security Testing - ENS - Safe Harbor SEAL Certifications Only a few weeks ago we published a Request for Comments for SEAL Certifications & 15+ pilots are already underway! We’re ready to set standards. radar.securityalliance.org/r… SEAL 911 Through every headline, every crisis, every mid-night panic SEAL 911 kept running. Our 24/7 emergency response team saved ~$95M USD this year. 🙏 THANK YOU! Thanks to every journalist who covered our work. Every protocol that adopted Safe Harbor. Every researcher who contributed intel. Every domain expert stewarding a Framework. Every wallet that joined the defense network. Everyone reporting to phishing sites. You’re not just supporting SEAL — you’re helping build crypto’s immune system. Here’s to building a more secure 2026. 🥂🎉