//Dashboard

LAST_SCAN: 2m ago

[EXIT]

LOADING_MODULE...

//Dashboard

LAST_SCAN: 2m ago

[EXIT]

cases / CP-2025-002

HIGHCLOSED

CryptoPrisoners Donation Scam Investigation

TARGET: cryptoprisoners.com|OPENED: 2025-12-18

LIVE INVESTIGATION

✓ CASE CLOSED - PHISHING SITE BLOCKED

Torn Guard Success: Site Flagged by MetaMask in 3 Hours

cryptoprisoners.com has been confirmed as a phishing site and added to blocklists by SEAL, ChainPatrol, and MetaMask. Users are now protected from potential password theft, malicious transactions, and stolen assets. View Issue #211573

Investigation Summary: cryptoprisoners.com

Social engineering analysis • Account compromise suspected

INVESTIGATINGHIGH PRIORITY

KEY_CONCERNS

1. Source Verification

Tweet from @RealRossU promoting site - possible account compromise

2. Domain Registration

Registered in Thailand - unusual for US advocacy organization

3. Donation Transparency

No visible wallet addresses or clear donation mechanisms on main page

4. Historical Attacks

Ross Ulbricht accounts previously compromised (2017 hack, 2025 phishing)

WEBSITE_CLAIMS

Featured "Prisoners"

Roman Storm (Tornado Cash), Samourai Wallet founders, Ian Freeman, Roman Sterlingov

External Links

Links to freeromanstorm.com, freesamourai.com, freeiannow.org - legitimacy unverified

Solicited Actions

Sign petitions, donate to legal funds, write letters, share on social media

⚠️ CAUTION: Do not donate or interact with this site until investigation is complete. Verify legitimacy through official channels before taking any action.

DNS_INVESTIGATION

Initial IP (Dec 9)Unknown

Current IP (Dec 12)Pending Analysis

ServerUnknown

SSL IssuerPending Analysis

StatusUNDER INVESTIGATION

WHOIS_ANALYSIS

RegistrarUnder Investigation

CreatedUnknown

Initial HostingThailand (per metadata)

Current HostingUnder Investigation

IP MigrationN/A

recon_output.log

# CRYPTOPRISONERS INVESTIGATION
# Dec 18, 2025 - CASE CLOSED ✓

# Source: X/Twitter
$ curl -s "https://x.com/RealRossU/status/2001367249068966009"
# Tweet promoting cryptoprisoners.com detected

# Website Analysis
$ curl -I https://www.cryptoprisoners.com/
HTTP/2 200
server: cloudflare
# Site was active and serving content

# Report Submitted
$ gh issue create --repo MetaMask/eth-phishing-detect
# Issue #211573 created
# https://github.com/MetaMask/eth-phishing-detect/issues/211573

# MetaMask Response (3 hours later)
# ================================
# "This website might be harmful"
# Potential threats identified:
# - Secret Recovery Phrase or password theft
# - Malicious transactions resulting in stolen assets
# - Listed on blocklists: SEAL, ChainPatrol, MetaMask

# VERDICT: CONFIRMED PHISHING SITE
# STATUS: CASE CLOSED - SUCCESS ✓

# Torn Guard Impact:
# - Detected suspicious site
# - Submitted evidence to MetaMask
# - Site blocked within 3 hours
# - Users protected from potential scam

RED_FLAGS_SUMMARY

Indicator	Finding	Risk Level
Domain Location	Thailand	SUSPICIOUS
Promotion Source	@RealRossU (unverified)	HIGH
Donation Transparency	No visible wallets	SUSPICIOUS
Account History	Previously compromised	CRITICAL
Overall Assessment	Under Investigation	INVESTIGATE

CONTRIBUTE_TO_INVESTIGATION

Have additional information about this case? Submit a lead to help the investigation.

Torn Guard Defence Suite