Stacks (STX) Voting Rewards Scam
Cybersecurity researchers recently identified a fraudulent website operating under the domain proposal-stacks.co. The page impersonates the legitimate Stacks platform and falsely advertises a voting rewards campaign tied to the $STX cryptocurrency. The operation is not associated with any legitimate companies, organizations, or official Stacks entities. Its true objective is to steal cryptocurrency from unsuspecting users through a wallet-draining mechanism.
Table of Contents
A Fake Rewards Program Disguised as an Official Initiative
The scam page closely imitates the appearance of the legitimate Stacks website, replicating its branding elements, including logos, layout, and color scheme. Visitors are informed that a special vote is allegedly taking place to determine the '$STX Rewards Date.' According to the fraudulent claims, users who participate in the vote will receive bonus STX tokens after launch.
These promises are entirely fabricated. No official voting campaign or reward allocation connected to the Stacks project exists on the fraudulent domain. The imitation is designed specifically to create a false sense of legitimacy and urgency.
The real Stacks ecosystem operates as a Bitcoin Layer 2 blockchain that enables decentralized applications and smart contracts to function on top of Bitcoin. Its native token, STX, is used for network participation, transaction fees, and the platform's 'Stacking' reward system, which allows token holders to earn Bitcoin rewards by locking STX within the network.
How the Cryptocurrency Drainer Operates
The scam becomes dangerous once users interact with the 'VOTE NOW' button displayed on the fake page. Victims are prompted to connect their cryptocurrency wallets, a step presented as necessary for participation in the alleged voting program.
After a wallet connection is approved, the site activates a cryptocurrency drainer. This malicious tool is designed to automatically transfer digital assets from the victim's wallet to addresses controlled by cybercriminals. In many cases, the transfer occurs immediately and without any additional confirmation from the victim.
Because blockchain transactions are irreversible, stolen funds are usually impossible to recover. Once the assets are transferred out of the compromised wallet, victims permanently lose control of their cryptocurrency holdings.
Why These Scams Continue to Succeed
Fraudulent cryptocurrency campaigns frequently exploit the popularity and reputation of well-known blockchain projects. Cybercriminals create near-identical copies of official websites to deceive users into believing the offers are genuine. Fake token giveaways, staking bonuses, reward programs, and governance votes are among the most common tactics used in these operations.
Scammers commonly distribute links to these malicious pages through compromised or fabricated social media accounts on platforms such as X and Facebook. Fraudulent accounts may impersonate cryptocurrency projects, influencers, developers, or official support teams to increase credibility.
Users may also encounter these scams through:
- Misleading advertisements and pop-ups displayed on unsafe websites
- Phishing emails, malicious direct messages, and deceptive push notifications
- Rogue advertising networks associated with torrent portals or illegal streaming sites
- Adware infections that redirect browsers to fraudulent cryptocurrency pages
Warning Signs That Should Not Be Ignored
Several indicators can help identify fraudulent cryptocurrency reward websites before any damage occurs. Suspicious domains that slightly differ from official project websites are a major warning sign. Unrealistic reward promises, urgent participation deadlines, and unsolicited promotional messages should also be treated with caution.
Users should always verify announcements through official project channels before connecting a wallet or approving any blockchain transaction. Even a professionally designed page can be malicious if it operates from an unofficial domain.
Protecting Cryptocurrency Wallets From Drainer Attacks
To reduce the risk of falling victim to cryptocurrency drainer scams, users should carefully inspect website URLs, avoid interacting with suspicious promotional campaigns, and never connect wallets to unverified platforms. Security-conscious users also benefit from using browser protections, reputable antivirus tools, and dedicated wallets for high-value assets.
The safest approach is to assume that any unexpected token reward, governance vote, or giveaway promotion may be fraudulent until independently verified through official sources.
