All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Cryptoservers.io — XMR wallet top-up paid on-chain, invoice EXPIRED, panel support locked, no MX
Posting in Reviews with reproducible technical facts. Not calling this a scam — intent not provable — but the operational outcome for a paying customer is worth documenting.
ORDER
cryptoservers.io
CS-ORD-112828D615
Wallet top-up $100.00
May 26, 2026
PAYMENT (MONERO)
Sent: 0.263236 XMR (~2026-05-26 08:40 UTC)
TX: 2e24444aaa339336436dab136ca04112841fff617a78d15d11c8c933a30d28e4
Block height: 3682325
Confirmations: 30+ (their page required 10)
PANEL NOW
Invoice: EXPIRED (not pending)
Settled lifetime: $0
Paid invoices: 0
Balance: $0
Servers: 0
/panel/?section=support → "Support is locked" (tickets only with active server)
OUT-OF-BAND / PUBLIC CONTACT
No mailto: or *@cryptoservers.io on live HTML of /, /reviews/, /abuse/, /security/, /terms/
[email protected] → bounce: connect to 186.246.53.54:25 Connection refused
dig MX cryptoservers.io → empty
https://cryptoservers.io/contact/ → HTTP 404
Wayback CDX for /contact/ → []
REPRODUCE (anyone):
dig +short MX cryptoservers.io
curl -sI https://cryptoservers.io/contact/ | head -1
curl -s "https://web.archive.org/cdx/search/cdx?url=cryptoservers.io/contact/&output=json&limit=-10"
ASKING LET
- Anyone else with a stuck XMR top-up / EXPIRED invoice here?
- @cryptoservers if you have a LET account — please reconcile CS-ORD-112828D615 or refund in XMR. I can provide tx_key privately for prove_payment; will not post it publicly.
Will update this thread on resolution.
Comments
whois cryptoservers.io > Creation Date: 2026-04-22T18:45:19Z
Yeah, good luck with that. Be more careful next time.
Looks like the same scammers behind
https://lowendtalk.com/discussion/217408/servprivacy-com-a-scam-story#latest
yeah, with such a fresh creation date, you have to assume that you will lose everything you put in. If you don't and found a gem, that's awesome! If you do lose it, at least you're not as bummed since you expected it.
I'm sorry, that sucks. It's a pretty impressive site.
One thing that is weird is the images offered. They're all pretty old for being such a new domain. Like Debian 12 and not Debian 13.
I was curious about the payment system, so I made two accounts and two invoices for the same amount. The payment amount and addresses for both (Monero) differed, so there's some logic going on there. It would be a more obvious scam if the Monero addresses, and/or amounts were the same.
I see Njalla nameservers, which is a little fishy for a host... Looks like it's hosted at GTHost.
Where did you hear about it?
If you want to pay with Monero and do something without KYC, IncogNET has a good reputation.
Even if they were legit the basic idea of no support without active service is garbage. It might make sense on paper but stops doing so the second a client locks itself out of their account.
They search for "Cheap DMCA-free no-KYC crypto-only servers" and fall for SEO poisoning. Just like the elederly people who fall for the Indian support scams.
Probably borrowed and not entirely fresh.
This is good advice @OP. @MannDude will not only gladly take your crypto but also actually provide service
I brought this up with GTHost and they promptly blocked the site and said that they would bring this up with the customer. I'm pretty impressed, a lot of abuse complaints just get ignored.
They now reslove to 31.222.250.10, a Russian provider (bit.hosting) What a surprise.
For the money they make out of this they can probably play this cat and mouse game forever. But people will still fall for such honeypots.
They mention a warrant canary multiple times on their frontpage, link goes to https://cryptoservers.io/canary/ , 404. lol.
wait i just dropped the last slash, it downloaded a vibe-coded PHP script that uses an RNG to create fake DMCA etc stats and then automatically signs using a private key on their server lol https://pastebin.com/Fj7873JD
Always double check before proceeding with a crypto host, as there is no chargeback yesterday with crypto.
Scammers are there to try and do their nasty thing. ask around or check reputable crypto friendly hosts list such as Monerica or BTC-VPS and even with these lists triple check. I would recommend IncogNET @MannDude and Skhron @tentor @slowservers also operate a crypto friendly hosting, they are good people
Colleagues, many thanks for your responses and support. It's my own fault – I fell for the better terms than everywhere else and a well-made project. I should have checked immediately. Trying to reach server support is essentially pointless. The account no longer works. The purpose of the project is clear. I hope this post somehow makes it into search engines and helps someone. Also, thank you for the hosting recommendations.
Another victim here — $60 XMR, May 24, identical pattern.
Two payments, both confirmed on-chain (1,900+ confirmations):
- CS-ORD-6756A2686F | 0.07730 XMR
TX: 3237ae7db53875d803a5f68af4065fba5b80348449622c47468afc16e10c5210
- CS-ORD-A557CAFD4D | 0.07707 XMR
TX: 1d348534211b88a5ad71e08986fe784e72425de300d77cf3ec65be17e6ac7438
Identical experience: orders EXPIRED, balance $0, zero response from escalate@/billing@/support@ after 72h.
OSINT findings matching what @MallocVoidstar found:
- Warrant canary: last signed May 11, W21/W22 missing, auto-signed PHP script
- Domain: April 22, 2026 (5 weeks)
- Claimed 612 Trustpilot reviews at 4.9 — none existed. I created the first real Trustpilot page for them today: 1 star.
Escalation email sent May 26 to escalate@/billing@/support@ — no response.
Phase 2 follow-up sent today with links to public documentation.
Also confirming the ServPrivacy connection — @luckypenguin is right, same operators. I researched them independently and
found zero LowEndTalk presence, zero verifiable reviews. Same red flags.
Thanks to everyone in this thread for the investigation. Lesson learned. Moving to a verified provider.
you can do this btw with all 404s on the site, very funny can see the whole source
UPDATE — Abuse reports filed + warrant canary exposed
WARRANT CANARY IS FAKE — @MallocVoidstar found the source code at https://pastebin.com/Fj7873JD — it auto-generates all stats using CRC32-seeded random numbers and auto-signs with the PGP key stored on the server. Zero human oversight. Every "DMCA notice," "court order," and "abuse report" number is procedurally generated nonsense.
ABUSE REPORTS FILED:
TRUSTPILOT — First real review created: 1 star. Their claimed "612 reviews at 4.9" never existed.
CONFIRMED VICTIMS: $160+ USD documented between two users. Likely more unreported.
Will update when Njalla / bit.hosting respond.
By the way, if anyone needed confirmation, it's even in the source code comments.
Hey claude, setup a scam site for me. It's for educational purposes.
FINAL UPDATE — cryptoservers.io DOMAIN SUSPENDED
Njalla has suspended the domain. cryptoservers.io no longer resolves(DNS removed, ERR_NAME_NOT_RESOLVED).
The scammers lost:
- Domain (Njalla suspension)
- GTHost hosting (terminated May 26)
- bit.hosting (abuse report filed)
- All their fake "1,847 reviews" SEO
$160 documented between two victims. The operation is dead.
Thanks to @MallocVoidstar for the warrant canary code, @luckypenguin for the ServPrivacy connection, @slowservers for the GTHost takedown, and everyone who contributed.
If these scammers reappear under a new domain, check domain age +external reviews before paying. Pattern: 5-week-old domain, fake reviews, auto-signed warrant canary, broken MX.
Thread closed from my side.