Analysis of the newly obtained domains, in turn, led researchers to two citizens - Andrey Sokol from Moscow and Alexander Ermakov from Kyiv. These are probably pseudonyms.
Since 2020, a large number of phishing sites have been registered to these individuals. Among them were those who impersonate MetaMask and steal user account data from various darknet sites.
For example, one of these sites brought the attackers about $18,000 in crypto assets in 5 days (from March 15 to March 19, 2024).