Seized Samourai Wallet Domain Relaunched as Phishing Site

Edgen Crypto·Mar 22 2026, 19:36

Share to

Share to

Copy link

Key Takeaways

The seized domain for the Bitcoin privacy service Samourai Wallet was repurposed by criminals in March 2026, creating a new phishing trap for unsuspecting users. This event highlights a dangerous escalation in social engineering tactics across the crypto space, where recent scams targeting corporate email lists and developer communities have led to significant financial losses, demonstrating the long-term security risks associated with seized digital assets.

The domain for Samourai Wallet, previously seized by U.S. authorities, was hijacked by criminals in March 2026 to create a phishing site designed to steal user funds.
The attack is part of a wider surge in sophisticated crypto scams, including a recent scheme that cost a Hong Kong retiree $840,000 through repeated social engineering.
This incident erodes trust in crypto infrastructure by showing how even seized digital assets can be weaponized, posing a persistent security threat long after official enforcement actions.

Seized Samourai Domain Resurfaces as Phishing Trap in March 2026

A domain previously seized by U.S. authorities for the Bitcoin privacy service Samourai Wallet has been repurposed into a sophisticated phishing trap. In March 2026, criminals gained control of the domain and relaunched it as a fraudulent site targeting the wallet's former user base. This attack vector exploits the residual trust users may have in a once-legitimate, now-defunct project, turning a law enforcement action into a new opportunity for financial theft and undermining confidence in the security of seized digital infrastructure.

Phishing Attacks Escalate, Costing One Victim $840,000

The Samourai Wallet incident is not an isolated event but part of a broader pattern of increasingly bold social engineering scams. In a recent case, a Hong Kong retiree lost approximately $840,000 over six months to a series of three related crypto scams initiated through WhatsApp. This trend extends across different platforms, with attackers recently compromising the email list of major retailer Nordstrom to promote a fake crypto giveaway and targeting OpenClaw developers on GitHub with fraudulent airdrop offers. These multi-channel attacks demonstrate that scammers are deploying more creative and targeted methods to exploit victims, moving beyond simple email phishing to infiltrate trusted communities and corporate communication systems.