restore-metamask.com Used to Steal Entire Crypto Wallets

The malicious domain restore-metamask.com was used to steal the existing crypto wallets of metamask.io users. It also allowed new wallets to be created and cryptocurrency to be deposited into them, but those funds would ultimately go to the attackers.
Bad Opsec: xcazanova -> thetoxichydra -> utoxic

Utoxic is very likely xcazanova, or at minimum very close to him based on the evidence I will show. A leopard don’t change its spots.
PaaS à la carte: Phishing Kit Caught In Development

A phishing kit was found in the wild during its development stage, and it leaks the ‘order notes’ from the buyer.
Spox is Dila Belimi

Hi my name is Spox (Dila Belimi) and I like to steal from average people during a global pandemic.