Privacy Policy

What this site is

This website (xmrwallet-demo.pages.dev) is an interactive research demonstration created by PhishDestroy.io. It reconstructs the technical mechanism used by xmrwallet.com to steal Monero cryptocurrency from its users over an 8-year period (2018–2026).

This is not a real cryptocurrency wallet. This is not a financial service. No real funds, keys, or wallets are involved.

What data we collect

Almost nothing. Here's the full picture:

• Google Analytics (UA-116766241-1) is loaded on the landing page (index.html) intentionally — it's part of the demonstration. It replicates the exact tracking ID used by the original xmrwallet.com. You can disable it with ?notrack=1.
• Wallet data (seeds, keys, addresses, transactions) is generated entirely in your browser using JavaScript. It is stored in localStorage only — it never leaves your device, it is never sent to any server.
• Session data created in the demo (operator panel captures, connection logs) exists only in your browser's localStorage and is auto-deleted.
• No cookies are used for tracking. The DDoS-Guard cookies on the landing page are fake — they're part of the demo to show what the original site did.
• No server-side processing exists. This is a static site hosted on Cloudflare Pages. There is no backend, no database, no API server.

What we don't do

• We don't collect personal information
• We don't sell or share any data
• We don't track users across sites
• We don't store anything server-side
• We don't use real cryptocurrency keys or wallets

Why Google Analytics is present

The original xmrwallet.com loaded Google Analytics (UA-116766241-1) on its landing page while simultaneously stealing private keys. This is a key finding of our investigation — the site used Google's tracking infrastructure while operating a cryptocurrency theft operation.

We replicate this exact behavior so that security researchers can verify it using tools like URLScan.io. When you scan our landing page, you'll see the same Google requests that appeared on the original scam site. This is intentional and documented.

Third parties

• Cloudflare Pages — hosting (standard Cloudflare infrastructure logs apply)
• Google Analytics — loaded on index.html only, as described above. Disable with ?notrack=1
• CoinGecko API — a single request to fetch current XMR/USD price for display purposes
• Monero public node — a single request to fetch current block height for display purposes

Contact

PhishDestroy.io — security@phishdestroy.io