Olivia
Online
kasIntel
@KaspaIntel
kaspa’s community run project to make ecosystem transparent by analysing #krc20 tokens and unusual behaviour to detect fraud.
Joined May 2025
11 Following
272 Followers
125 Posts
We kicked off @KaspaIntel with @kasundercom earlier in the year to make On-Chain Investigation great again.
https://t.co/gbLab6nIM8
Today, we're thrilled to pass the torch to @kdoggo1181074 (aka CatDog)!
Get to know @kdoggo1181074 here, our recent episode here https://t.co/8zOlnKGmLV
His rock-solid integrity, insane level of effort in those epic deep-dive investigations, and killer background in computer science + PhD in computational neuroscience make him the perfect fit.
Handing over the page means he can rally the full community support to keep exposing the shady stuff.
📷
#Kaspa
#KasIntel
#DYOR
DO NOT give out your seed phrase to anyone.
If you are new to crypto then learn that simple trick to protect your assets.
Also, don’t simply trust the website/s even if you have used them before.
🚨 Phishing Alert: kaspa-wallet[.]io 🚨
This morning, @cohengiladh brought an interesting URL to my attention: kaspa-wallet[.]io. Strange, I don’t recall ever seeing this URL, but I often have to check myself because new stuff is popping up in the $kas community every day.
Curious and slightly suspicious, I performed a quick WHOIS and DNS lookup.
Immediately, red flags began to appear…
To solidify my concerns, I compared this to https://t.co/zoXMP9TKU9, a legitimate URL I’ve used countless times before. The differences were clear. Something was wrong here.
Time to investigate.
At first glance, kaspa-wallet[.]io looked visually identical to the genuine Kaspa wallet page. Seamless to the casual eye. However, one crucial difference stood out: the primary function of this site was to encourage users to restore their wallets by entering their 12-word seed phrase. dodgy.
Attempting any other function dumped you back at the legitimate https://t.co/zoXMP9TKU9 site. Classic phishing technique. Users, confused by the strange behaviour, would re-enter their credentials on the genuine site, not realising their seed phrase was already compromised.
Diving into the page’s code made everything painfully clear:
- Upon entering your seed phrase, JS sends it silently via POST to "https://fonts.up.railway[.]app/api/t1/image"
After successfully stealing the seed phrase, it redirects users to https://t.co/zoXMP9TKU9 to mask the theft.
I verified this by sending a test request with dummy data via CURL-ing this endpoint and It immediately responded with:
{"status":true,"message":"sent"}
This means the backend is actively receiving and storing stolen seed phrases.
Actions I’ve taken so far:
-Reported to the domain registrar (Sarek)
-Reported to the hosting provider (Vercel)
Now, the backend of this phishing scam is hosted at Railway (@Railway) , and unfortunately, I can’t submit a phishing report directly without an account.
@Railway please immediately suspend: fonts.up.railway[.]app
Concerningly, this website has also gamed Google SEO rankings and it’s now appearing on the first page of results for “Kaspa Wallet,” often the 4th or 5th result...
This is all the more reason that we need to swiftly remove this site before more unsuspecting victims are affected.
If you would like to help:
- Please report this to the domain registrar here: https://t.co/6yeSlbw3B9
- Please report this to the hosting provider here:
https://t.co/BDnXWbnE64
-Please report this to the backend hosting here:
@Railway
If the above is too technical for you, please a share of this post is more than enough to raise awareness for these type of scams.
Protect yourself:
- Always double check you’re using the correct URL
- Be wary of search results and sponsored links
- Bookmark official crypto wallet URLs
![elldeeone's tweet photo. 🚨 Phishing Alert: kaspa-wallet[.]io 🚨
This morning, @cohengiladh brought an interesting URL to my attention: kaspa-wallet[.]io. Strange, I don’t recall ever seeing this URL, but I often have to check myself because new stuff is popping up in the $kas community every day.
Curious and slightly suspicious, I performed a quick WHOIS and DNS lookup.
Immediately, red flags began to appear…
To solidify my concerns, I compared this to https://t.co/zoXMP9TKU9, a legitimate URL I’ve used countless times before. The differences were clear. Something was wrong here.
Time to investigate.
At first glance, kaspa-wallet[.]io looked visually identical to the genuine Kaspa wallet page. Seamless to the casual eye. However, one crucial difference stood out: the primary function of this site was to encourage users to restore their wallets by entering their 12-word seed phrase. dodgy.
Attempting any other function dumped you back at the legitimate https://t.co/zoXMP9TKU9 site. Classic phishing technique. Users, confused by the strange behaviour, would re-enter their credentials on the genuine site, not realising their seed phrase was already compromised.
Diving into the page’s code made everything painfully clear:
- Upon entering your seed phrase, JS sends it silently via POST to "https://fonts.up.railway[.]app/api/t1/image"
After successfully stealing the seed phrase, it redirects users to https://t.co/zoXMP9TKU9 to mask the theft.
I verified this by sending a test request with dummy data via CURL-ing this endpoint and It immediately responded with:
{"status":true,"message":"sent"}
This means the backend is actively receiving and storing stolen seed phrases.
Actions I’ve taken so far:
-Reported to the domain registrar (Sarek)
-Reported to the hosting provider (Vercel)
Now, the backend of this phishing scam is hosted at Railway (@Railway) , and unfortunately, I can’t submit a phishing report directly without an account.
@Railway please immediately suspend: fonts.up.railway[.]app
Concerningly, this website has also gamed Google SEO rankings and it’s now appearing on the first page of results for “Kaspa Wallet,” often the 4th or 5th result...
This is all the more reason that we need to swiftly remove this site before more unsuspecting victims are affected.
If you would like to help:
- Please report this to the domain registrar here: https://t.co/6yeSlbw3B9
- Please report this to the hosting provider here:
https://t.co/BDnXWbnE64
-Please report this to the backend hosting here:
@Railway
If the above is too technical for you, please a share of this post is more than enough to raise awareness for these type of scams.
Protect yourself:
- Always double check you’re using the correct URL
- Be wary of search results and sponsored links
- Bookmark official crypto wallet URLs](https://pbs.twimg.com/media/GszwK75bcAANVQ2.jpg)
@LevendiPro On the idealistic side we dont agree! but on more realistic and practical side perhaps do agree with you @LevendiPro
Worth highlighting, all those things then comes down to incentives for the "community team" which has to come from someone's pocket/investment or tokens sales.
DAGtectives it’s not about KasUnder or us to do the investigations. It’s upon each and everyone of you to start doing research.
We are here to provide the platform, tools and most importantly knowledge so please no more excuses anymore!
Start investigating!
Deleted the tweet to avoid any further retweets
All fixed now guys!! Link on the profile works.
Someone saw our link got expired and directed!
Deleting the previous tweet now
@kdoggo1181074 Its fixed now guys, someone saw our link expired and redirected it. All fixed now.
ok fixed guys ! easy one.
@LevendiPro Well! unfortunately decentralisation doesn't work without effort from each and everyone of you who cares!
@stillballin09 @Fluxkz10 @zachxbt @LevendiPro @kdoggo1181074 @kasundercom Hey! Could you please jump on discord and explain to us. We are new to Chainge issues, i am sure community will look into it after few other projects in the queue.
@MANTIS_ON_KAS we’d have preferred you replying to us on the facts & as @xImHoveR put it; your response is complete unprofessional
As we discussed on the call. We didn’t put out other discrepancies just the one with high probability. Our aim is simply provide facts.
First of our Friday Reports is here! 📄
Big thanks to @KaspaIntel for some free PR (guys, please read our X a bit more carefully next time, If you can help us track a few whales we’d appreciate it).
Have a great weekend, Swarm!
#KRC20 $KASPA $MANTIS #Memecoin
You can join on X call.
1. Why did you mint you own tokens via different wallets and sent it to your own deployed wallet ?
2. Did you guys bought your own tokens via couple of your own seperate wallets
3. Did you sent out all supply for airdrop that you said you are going to.
It has been decided that @MANTIS_ON_KAS is officially a scam within Kaspa’s ecosystem.
I am the official Kaspa judge.
I would like $Mantis not to be a scam, but they are showing no transparency.
@xImHoveR @MANTIS_ON_KAS
Last Seen Users on Sotwe
S Mushatq
Seen from Pakistan
Sebas Tames
Seen from Turkey
baskara
Seen from Indonesia
GreekGayVideos
Seen from Greece
RAMEY 
Seen from United States
FILM JAV
Seen from Indonesia
Derek Wilson
Seen from United States
ukhti gemesss
Seen from Indonesia
Jonathan Sprinkles
Seen from United States
pijat Kupang
Seen from Indonesia
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.5M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.2M followers
Taylor Swift
@taylorswift13
81.1M followers
Lady Gaga
@ladygaga
72.6M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.2M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
61.9M followers
CNN
@cnn
61.9M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.3M followers