Most of what we document is sourced to the project's own posts and its community. This one is different. It comes from outside BlockDAG entirely: a phishing flag applied by MetaMask and shown on Etherscan, on an address BlockDAG itself used to take people's money.
What Etherscan shows
Open the address on Etherscan and three things appear together. A public name tag, a red warning, and a hazard label:
"There are reports that this address was used in a Phishing scam. Please exercise caution when interacting with it. Reported by MetaMask."
Public name tag: Blockdag Presale
Address: 0x4C39Ed0438D5e8913aCF423db6d56CCe78B2d367
The "Phish / Hack" tag and the MetaMask report are not something we wrote or inferred. They are displayed by Etherscan, the most widely used Ethereum block explorer, drawing on MetaMask's phishing detection list. The "Blockdag Presale" name tag is also Etherscan's, not ours.
Why this address matters
An address being labelled is only significant if it is actually BlockDAG's. It is. An independent on-chain investigation by Jerry O'Callaghan, published on Medium in November 2025, documented that this exact address was served as the ETH deposit address by BlockDAG's own website when a user began a presale deposit. In other words, this is not a scammer's lookalike wallet impersonating the project. It is an address the project's own front end handed to people who were sending in money.
As of writing, the address is nearly empty: roughly $175 in ETH and about $40 in assorted tokens. The funds that passed through it have been moved elsewhere. What remains is the label.
What this does, and does not, establish
We are deliberately careful here, because precision is the whole point of this site.
The honest reading
- Verified: Etherscan displays a "Phish / Hack" label and a MetaMask phishing warning on this address, right now. Anyone can check.
- Verified: the address was served by BlockDAG's own website as a presale ETH deposit address (independent on-chain investigation, Nov 2025).
- Not claimed by us: that BlockDAG itself operated a phishing scam. MetaMask's flags are applied from reports, and the public record does not publish MetaMask's exact reason for this one.
- The point: a wallet the project used to receive presale funds is now marked a phishing or scam address by a major wallet provider. That is a serious external signal, whatever its precise cause.
It is possible the flag stems from the address being reused or referenced in downstream phishing activity rather than a finding against the team directly. We cannot see MetaMask's internal reason, so we do not assert one. But for an ordinary investor, the practical meaning is simple: if you open the wallet your money went into and your own wallet provider warns you it is a phishing or scam address, that is not a detail to wave away.
How to verify it yourself
You do not have to take our word for any of this, and you should not. Go to etherscan.io, paste the address 0x4C39Ed0438D5e8913aCF423db6d56CCe78B2d367 into the search bar, and look at the top of the page. You will see the "Blockdag Presale" tag, the red "Phish / Hack" label, and the MetaMask warning. It takes about ten seconds, and it is the same thing your wallet would show you if you tried to send funds there today.
What we are watching next
Two things. First, whether BlockDAG addresses the flag publicly, explains it, or has it reviewed. A legitimate project with a wrongly flagged address usually disputes the label loudly. Second, whether other BlockDAG-associated deposit or buyback addresses pick up similar warnings. We will update this story as the on-chain record changes.
The advice is the same as always: verify on chain before you trust a banner. An address your own wallet calls a phishing scam is telling you something, even if the full story is not yet public.