Spotted first by @ecarlesi. ETH drainer impersonating OpenSea. The malicious actor/s could be Dutch as well as the targets, based on the drainer site's language. This drainer kit redirects you to a different website if: - you did not use the correct path - you already connected previously to the website (via storage objects) It also includes a Telegram bot to alert the malicious actor/s for real-time movements. Telegram bot used: 5399326657:AAGOLtMLA7bMROzVUjeKDuR4GqrAblWbfXQ username: metajsonuserrrs_bot chat id: -709367678 title: MetaMaskActiveUsers admin id: 2146370516 username: tanjrii premium user It also retrieves the same ETH wallet address from a Github gist: /gist.githubusercontent.com/ethereumjs-tx/020102e055e65567fe158f018fa226c6/raw/4171303cd239f36b6d4781d21786492de783ff9e/SIGN%2520ETH The account was created recently: /gist.github.com/ethereumjs-tx The claim page has a different Telegram bot compared to the document and index. 5538424823:AAHktsHcJOuPtDnjXy0jbWgFEMu2Hwgqq48 username: cryptofinechkd_bot chat id: -1001599540988 title: cryptoWalletsTextFiles /t.me/+Q7M498koivAyN2Nk tanjrii is still the creator