THE ENABLERS REGISTRY dossier cover with redaction bars, classified stamps, and archive seal.

Archive hub / mirrored navigation

A hub page, but no longer their lobby

Navigation survives better when it is not wrapped in somebody else’s branding exercise. This shell keeps the wayfinding, drops the self-description, and stays indexable.

Hub indexMirror shellRead-only

Open source gate Front index Registrar ledger

File /hub·Source voice preserved·Brand labels redacted

Total Tracked

CRITICAL THREAT

Fake AML Verification Scam: How Scammers Impersonate Compliance Tools

Fake AML verification scams are a rapidly growing crypto threat where attackers create fraudulent websites impersonating legitimate Anti-Money Laundering compliance tools — most prominently [REDACTED]. These sites trick users into connecting their Web3 wallets for a fake "compliance check," which triggers a malicious smart contract that drains all assets. THE ENABLERS REGISTRY tracks over 1,054 AML scam domains, with the official AMLBot warning that fake platforms are surging.

372

Domains Detected

CRITICAL

Threat Level

How This Attack Works

The scam exploits growing awareness of AML/KYC compliance requirements in crypto. Users who want to verify their funds are "clean" land on a convincing clone and unknowingly authorize a wallet drainer.

STEP 1

Lure via Search & Social

Victims encounter fake AML check sites through Google Ads, [REDACTED] DMs, social media posts, or SEO-poisoned search results for queries like "check wallet AML" or "is my crypto clean."

STEP 2

Clone Legitimate UI

The site closely mimics the official [REDACTED] design, branding, and interface. Some clones replicate staff profiles and create fake [REDACTED] accounts impersonating AMLBot team members.

STEP 3

Request Wallet Connection

Unlike the real AMLBot (which only needs a wallet address as text input), the fake site asks users to "connect wallet" via [REDACTED] or WalletConnect to "generate an AML report."

STEP 4

Drain Assets via Smart Contract

The wallet connection triggers a malicious smart contract (setApprovalForAll or token approval) that scans all tokens/NFTs, prioritizes highest-value assets, and drains everything to attacker-controlled wallets. Transactions are irreversible.

Technical Analysis

The AML scam ecosystem uses sophisticated infrastructure. Domains typically use .com, .org, .app TLDs registered through privacy-friendly registrars (IANA #3765, WEBCC account for 163+ domains). Many use IANA #1910 CDN for legitimacy.

The drainer mechanism is identical to other wallet-connect possibly phishing: upon connection, the site calls setApprovalForAll() or increaseAllowance() on the victim's token contracts. The drainer scans all assets, estimates value, and prioritizes extraction of highest-value tokens first.

According to AMLBot's 2025 Crypto Crime Report, 65% of crypto incidents are driven by social engineering rather than technical exploits, with possibly phishing ranking as the #2 attack type (18% of all incidents).

Key technical indicators: domains containing 'aml', 'amlbot', 'aml-check', 'aml-verify' in the URL; wallet connection prompts (the real AMLBot never requires this); recently registered domains; missing or fake SSL certificates.

Real Cases

AMLBot Clone Wave (2024-2026) (2024-2026)

1,350+ fake domains stolen

AMLBot officially warned about an alarming rise in scammers impersonating AMLBot on various platforms, including fake [REDACTED] bots and clone websites.

[REDACTED] Drainer (2024)

Wallet drainer active stolen

[REDACTED], resolved to IANA #1910 IP 104.21.25.10. Served a fake "AML wallet check" interface with wallet-connect drainer. THE ENABLERS REGISTRY report.

PCRisk AML Warning (Jan 2026) (January 2026)

12+ documented domains stolen

PCRisk documented a new wave of fake AMLBot sites including [REDACTED], [REDACTED], [REDACTED], [REDACTED]. FTC reports over 46,000 people lost $1 billion to crypto scams since 2021. PCRisk report.

[REDACTED] Campaign (2024)

Multiple victims stolen

Typosquat of AMLBot serving crypto drainer via fake compliance check UI. Documented by Malware Guide and PCRisk.

How to Detect

Site asks to "connect wallet" — the real AMLBot only needs a wallet ADDRESS as text input, never a wallet connection

Domain contains "aml" variations: amlbot, aml-check, aml-verify, amlcrypto (verify against official [REDACTED])

Recently registered domain (check WHOIS — legitimate AML services have years of history)

Urgent messaging: "Your wallet may be flagged" or "Check compliance before funds are frozen"

Promoted via [REDACTED] DMs, Google Ads, or unsolicited emails instead of organic search

How to Protect Yourself

1 Bookmark the official AMLBot at [REDACTED] — never click links from ads, DMs, or emails

2 Remember: legitimate AML tools only need a wallet address (text), never a wallet connection or private keys

3 Check any AML domain on THE ENABLERS REGISTRY before interacting with it

4 Use a separate "burner" wallet with minimal funds when testing any new DeFi/Web3 service

5 If you connected your wallet to a suspicious site: immediately transfer remaining funds to a NEW wallet and revoke approvals at revoke.cash

Frequently Asked Questions

What is a Fake AML Check Scam?

It's a possibly phishing attack where fake websites impersonate legitimate AML compliance tools like [REDACTED]. They trick users into connecting their crypto wallets for a fake "compliance check," which actually triggers a smart contract that drains all assets. The real AMLBot only needs a wallet address typed as text — it never asks for wallet connections.

How many fake AML domains has THE ENABLERS REGISTRY detected?

THE ENABLERS REGISTRY currently tracks over 1,054 domains related to AML scams, including typosquats of AMLBot, generic fake AML checkers, and sites using "aml-verify" or "aml-check" in their names. The number grows daily as scammers register new domains.

How do I check if an AML site is legitimate?

The only official AMLBot website is [REDACTED]. Any other domain claiming to be AMLBot is a scam. You can verify any domain at enablers.report. Red flags: wallet connection requests, recently registered domain, promotion via [REDACTED] DMs or ads.

What should I do if I connected my wallet to a fake AML site?

Act immediately: 1) Transfer ALL remaining funds to a brand new wallet, 2) Revoke token approvals using revoke.cash, 3) Report to authorities (FTC, FBI IC3), 4) Document everything (transaction hashes, screenshots, URLs). Never pay anyone claiming they can "recover" your funds.

Data sourced from THE ENABLERS REGISTRY threat intelligence database — 372 domains tracked for this threat type

Fake AML Check Scam 372 domains