I’m reporting a suspected malicious application hosted on Railway that was used in a Solana wallet drain incident.

Affected domain:

evans-production-60b6.up.railway.app

Summary:

An individual directed me to this app and walked me through connecting my wallet. Interaction with the app resulted in an unauthorized transfer of funds.

Impact:

• Loss of funds from a Solana wallet
• Unauthorized signing triggered through this app

Evidence available (not posting publicly):

• On-chain transaction signatures
• Destination wallet(s)
• Network logs
• Chat logs with the operator

This is not a request for debugging help.

I am requesting Railway staff review this service for abuse and advise on a secure way to submit evidence.

I’m intentionally limiting details here to avoid public exposure of an active incident.