Key Highlights
- The samouraiwallet.com domain, previously seized by the FBI in August 2025 after Samourai Wallet’s shutdown, has been taken over by scammers in early March 2026 and is now being used for Bitcoin phishing attacks.
- Attackers are distributing trojanized PDFs disguised as “Cryptocurrency Mining For Dummies” via subdomains, with detections on VirusTotal dating back to late 2025.
- Former Samourai users’ Bitcoin remains secure on-chain; seeds can be safely recovered using trusted wallets like Sparrow or Electrum.
The domain once home to Samourai Wallet, a Bitcoin privacy tool shut down amid money-laundering charges, has ironically fallen into the hands of cybercriminals and is now pushing phishing attacks targeting Bitcoin (BTC) holders.
Security firm SlowMist issued a fresh alert on March 24, 2026, confirming the takeover of samouraiwalle[.]com. The site, seized by the FBI in August 2025 following the project’s 2024 closure, was apparently allowed to lapse or was auctioned off early this month.
Grabbing the opportunity, unknown actors quickly registered it through NameCheap and repurposed the familiar branding to lure former users.
SlowMist researchers, citing community reports, noted that the domain now hosts phishing infrastructure unrelated to the original non-custodial wallet.
Subdomains, including one with a lengthy Chinese-sounding name, have been linked to malware distribution dating back to late 2025. VirusTotal scans flagged trojanized PDFs disguised as guides like “Cryptocurrency Mining For Dummies,” designed to infect visitors and steal wallet credentials.
The current status of investigation remains in the dark as multiple reports to NameCheap about the abusive registration have gone unanswered, and the current owner is shielded by privacy protection services.
The Samourai Wallet case
Samourai Wallet’s original developers faced federal charges in 2024 for allegedly facilitating over $200 million in illicit transactions through its mixing features.
The co-founders of the wallet, Keonne Rodriguez and William Hill, later pleaded guilty to operating an unlicensed money-transmitting business; the domain seizure followed in 2025. User funds, however, were never held custodially and remain safe on the blockchain.
Anyone who previously used the wallet can still recover their Bitcoin offline. Besides, verified open-source alternatives such as Sparrow Wallet or Electrum allow seed-phrase imports without touching the compromised domain.
The incident highlights ongoing risks in the crypto space, where abandoned or seized infrastructure can quickly become weapons in the hands of opportunists. As of Tuesday, the phishing site remains live, and community warnings continue to spread on X.
Also read: Kalshi Rolls Out Preemptive Checks to Block Athletes and Politicians From Insider Trading
