I wrote about this project last month here (might be worth reading first): https://dunshea.au/posts/2025/seedbuster
Since then I’ve kept chipping away at it in the most minimal way possible (mostly prodding codex from the couch lol) over the last couple of weeks.
As of today, the project feels ready to share.
It’s not perfect. Maybe it’ll be helpful, maybe it won’t. What I do know is that through building it I took down 9 scam sites I found. That alone made it worth it.
I’ve always known phishing sites exist, but I’d never looked closely at how they behave. A lot of these sites aren’t just a static scam page. They use basic (but effective) cloaking heuristics to hide the real phishing UI depending on what you do and where you’re coming from.
Stuff I saw:
- after a victim submits a seed phrase, the site changes behaviour
- if you hit the site multiple times in a short period, it may swap to a benign page
- if you visit from a flagged ASN, you often get served a harmless “info” page instead of the scam
That last one is especially annoying because it breaks the normal abuse workflow.
When you report a site to a hosting provider, registrar, or API backend, their security team often validates the report by visiting the link themselves. If their company IP ranges are already blocked, they land on a totally harmless page and conclude “nothing to see here.”
Some of the fake benign pages were genuinely absurd. One of them was trying to sell actual Kaspa wallets with an AI-generated picture of a physical wallet that literally had “kaspa” written on it lol.
The point of SeedBuster is basically community-scale reporting.
If more of us are submitting good reports to the right providers, with consistent evidence, it becomes harder to ignore. One report is easy to dismiss. Fifty reports isn’t.
None of this is a silver bullet. It’s whack-a-mole unless the domain registrar actually locks the domain. Attackers can (and do) move their backend elsewhere as soon as they’re blocked. But even then, wasting attacker time matters, and every minute a scam site is offline is a minute it can’t catch someone who’s less technical (or just having a distracted day).
Side note i find interesting: I found a genuinely committed attempt to clone the Kaspa NG wallet UI. Up until then, every scam I’d seen was basically the old/simple Kaspa web wallet look. This one was different.
If you know the Kaspa NG interface, you gotta admit it’s pretty good, but honestly it was convincing enough that I have friends/family who would absolutely fall for it.
It even tried to copy the little image in the right-hand corner, but couldn’t nail the Kaspa “K” (it’s mirrored the wrong way lol).
And yeah, they even had a visualiser animation that actually moved - although it did remind me of just a snake because it had only one montion (do better guys lol)
I did manage to get this one taken down, so that’s a win.
Originally the site was just “SeedBuster” and it was purely about seed phrase phishing for the kas community. Then I kept running into other scam patterns and realised there’s no reason to keep it Kaspa-only.
So it’s open to any crypto scam sites. It’s not just seed phrase scams. And it’s not just for the Kaspa community.
The whole project is open source. If you’ve got ideas, open a PR. If you want to fork it and build your own thing, go for it. I don’t care who owns it — I just want fewer people getting scammed.