The official domain of the defunct Samourai Wallet has been hijacked by malicious actors and transformed into an active platform for sophisticated Bitcoin phishing attacks, posing a severe security risk to the cryptocurrency community. The domain, originally seized by the U.S. Federal Bureau of Investigation (FBI) in August 2024, was reactivated on March 3, 2026, under its original registrar, NameCheap.
Cybersecurity experts warn that criminals are leveraging the domain's historical legitimacy and the wallet's original aesthetic to create a convincing phishing trap. The fraudulent site mimics a legitimate wallet or recovery service, prompting unsuspecting users to enter private keys, seed phrases, or passwords, leading to the irreversible theft of Bitcoin funds.
This incident highlights a critical vulnerability in the post-seizure lifecycle of digital assets. The domain remained technically active after the FBI seizure, and a lack of administrative maintenance—compounded by the imprisonment of the platform's founders, Keonne Rodriguez and William Hill, on money laundering charges—facilitated the digital hijacking. The community on X has reported the case to NameCheap, requesting an immediate domain suspension to prevent further victimization.
The Samourai Wallet case underscores how seized digital infrastructure can be repurposed for crime, exploiting user trust and the verified history of a domain to bypass common security skepticism. It serves as a stark reminder for users to adopt a zero-trust approach, never enter seed phrases online, and verify all software through official, community-vetted channels.
