Exposing the Kroll Crypto Wallet Scam

The report describes a phishing campaign impersonating Kroll that leveraged legitimate sender domains and a newly-registered malicious landing domain to redirect victims to a page prompting WalletConnect/MetaMask approval; the author analyzes domain WHOIS/DMARC results, redirect behavior, and the wallet-connection flow, warning that supplying wallet credentials or approving connections would permit attackers to drain funds.