Drainer Site at a Glance
| Portal Type | Fake Presale / Token Drainer |
|---|---|
| Attack Vector | Social Media "Airdrop" Bait / Fake Presales |
| Primary Red Flag | Fake Funding Progress Bars ($4.5M+ Fake Raise) |
| Targeted Assets | SOL, ETH, Stablecoins, NFTs |
| Malicious URL | solanexai-axy.pages.dev |
| Risk Status | ⚠ EXTREME RISK — UNLIMITED APPROVAL DRAINER |
Forensic Audit: solanexai-axy.pages.dev
⚠ CRYPTO DRAINER ALERT
This domain hosts a malicious decentralized application (dApp) designed to steal the contents of your cryptocurrency wallet. Do not connect any wallet or approve any transactions on this site.
The site solanexai-axy.pages.dev is a part of a larger cluster of phishing domains targeting the Solana and AI narrative. It uses a free Cloudflare Pages domain to host a professional-looking "Presale" dashboard. This portal is often promoted through hijacked X (Twitter) accounts or bots in Telegram/Discord groups, claiming that users can buy $SOLDEX tokens at a discount.
Documented Red Flags
- Fabricated Raising Metrics: The site claims to have raised over $4,490,139. Forensic monitoring shows this number is hardcoded or procedurally generated to increase automatically, regardless of actual transaction volume. This is a psychological tactic to validate the scam.
- "Connect Wallet" Trap: The site features a persistent prompt to connect a wallet. Once connected, it initiates a series of transaction requests. These are not for "buying" tokens but are "Unlimited Approval" or "Transfer" requests that grant the attacker control over your funds.
- Error Baiting: The site contains built-in error messages like "Transaction Failed!", "Gas Problem!", and "Wrong Network!". These are used to keep the victim signing new requests in the hopes that one will "work," while the attacker systematically drains different asset classes (e.g., draining SOL first, then USDT, then NFTs).
Public Safety Advisory: Presale Verification
Legitimate presales are almost always announced through established launchpads or verified official websites with long-standing domain history. Never connect your primary "cold" wallet to a site hosted on a free subdomain like .pages.dev or .netlify.app.
Identified Drainer Mechanics
| Solana Drainer | Targeting Phantom and Solflare wallets for immediate SOL transfers. |
|---|---|
| ETH/EVM Drainer | Using permit and approve functions to steal ERC-20 tokens. |
| FOMO Loop | Hardcoded timers and "USD Raised" counters that never stop increasing. |
Drainer Recovery FAQ
I connected my wallet and my tokens are gone. What now?
If you signed a transaction that drained your wallet, the assets are moved to a "tumbler" or "bridge" almost immediately. However, the path to the off-ramp can still be traced. Our forensic analysts use advanced tools to follow the "peel chains" used by these syndicates. Contact our blockchain forensic team for a trace evaluation →
I only "connected" but didn't sign anything. Am I safe?
Simply "connecting" a wallet allows the site to see your public address and balance. It does not allow them to move funds. However, if you signed ANY popup (even if it said "Verify" or "Fail"), you may have granted permissions. Use Revoke.cash or Solana Permission Manager to check and revoke any active allowances immediately.
Forensic Blacklist Status
Status: ACTIVE CRYPTO DRAINER
Campaign: Solanex AI ($SOLDEX) Fake Presale
Infrastructure: Cloudflare Pages (Abuse)
Date Flagged: April 2026