# Nathalie Roy — Operator of xmrwallet.com

> **Identified operator of the xmrwallet.com Monero theft service.**

## Identity

| Attribute | Value |
|-----------|-------|
| Name | Nathalie Roy |
| Country | Canada |
| GitHub | [nathroy](https://github.com/nathroy) (ID: 39167759) |
| GitHub org | XMRWallet (created 2018-05-10) |
| Reddit | u/WiseSolution — **banned from r/Monero** |
| Twitter | @xmrwalletcom |
| Emails | admin@xmrwallet.com, support@xmrwallet.com, feedback@xmrwallet.com, lr@xmrwallet.com |
| ProtonMail | royn5094@protonmail.com |
| Self-identification | support.html: "Nathalie Roy created XMRWallet..." |

## What this person operates

xmrwallet.com — a fraudulent Monero web wallet that:

1. **Steals private view keys** — transmitted to server 40+ times per session via `session_key`
2. **Hijacks transactions** — `raw_tx_and_hash.raw = 0` discards client TX, server redirects funds
3. **Tracks users** — 4 Google trackers in a "privacy" wallet (GTM, UA, GA4, DoubleClick)
4. **Maintains offshore infrastructure** — DDoS-Guard hosting, bullet-proof IPs in Belize
5. **Manipulates reputation** — 50+ paid SEO articles, Trustpilot review management, WOT verification

## Pattern of behavior

- **2018**: Banned from r/Monero for self-promotion
- **2018-2024**: 5.3-year commit gap — zero public updates while production theft code evolved
- **2016-2026**: 21+ GitHub issues deleted from repository
- **2026-02**: Registered escape domains (xmrwallet.cc, xmrwallet.biz) after exposure
- **2026-02**: Both escape domains suspended by registrars
- **2026-02-23**: Deleted Issues #35 and #36 containing proof of theft
- **Never**: Provided a single technical rebuttal to any finding

## Financial inconsistencies

- Claims "free, funded solely by donations"
- Zero XMR donation wallet address exists anywhere
- Pays $550+/month for IQWeb custom hosting
- Pays for DDoS-Guard CDN
- Purchased 50+ sponsored articles across crypto media
- All funded by stolen XMR

## Evidence

- [Full Technical Investigation](https://phishdestroy.github.io/DO-NOT-USE-xmrwallet-com/)
- [Deleted Issues Archive](https://phishdestroy.github.io/DO-NOT-USE-xmrwallet-com/deleted.html)
- [Issue #35 cached](https://phishdestroy.github.io/DO-NOT-USE-xmrwallet-com/cache-issue35/)
- [Issue #36 cached](https://phishdestroy.github.io/DO-NOT-USE-xmrwallet-com/cache-issue36/)

---

*Investigation by [PhishDestroy Research](https://github.com/phishdestroy) — OSINT only, no unauthorized access*