Declaration trap: Crypto Drainers masquerading as European Tax Authorities

Group-IB tracked an active 2025 phishing campaign targeting Dutch (and expanding to other European) crypto holders by impersonating Belastingdienst / MijnOverheid. Victims receive urgent tax-declaration emails that link to convincing government-themed phishing sites which collect personal data and either capture wallet seed phrases (exfiltrated to Telegram/admin panels) or use WalletConnect to present and have victims sign malicious transactions (Inferno Drainer), resulting in rapid wallet draining; the report provides sample scripts, hashes, and numerous domain IOCs.