xmrwallet.com Scam: How NameSilo Became the Press Secretary for a $2M Monero Theft Operation

xmrwallet.com has been stealing Monero private keys since 2016. Fifteen documented victims. $2M+ estimated stolen. Six security vendors on VirusTotal flag it as malicious — including Fortinet ("Phishing"). Three registrars suspended the operator's domains within days. The fourth registrar — NameSilo — contacted the scammer, accepted his story, and published a public defense calling him "the victim." This is the technical breakdown of how the theft works, why NameSilo's response is provably false, and why their "abuse review" is either incompetent or complicit. Full investigation by PhishDestroy Research — Evidence page · GitHub repo · Medium article NameSilo's Public Response — Verbatim "Our Abuse team conducted an in-depth review into this case and it seems that domain was compromised a few months ago (during which a copy of the webpage was replaced with a crypto-drainer). Prior to that, we had received no abuse reports related to this domain. After an extensive investigation, our tea