Crypto news

17.06.2026
17:20

A new wave of crypto theft: drainers attack Russian users

The digital asset market has once again become the arena for a large-scale fraudulent campaign. According to data from industry analysts, at least three hacker groups have launched attacks on Russian cryptocurrency holders using malicious software — drainers. These programs are designed to instantly empty wallets, and the attackers skillfully disguise their schemes as legitimate affiliate programs for investors.

Attack Mechanism: From Bonus to Complete Loss of Funds

In late May to early June of this year, at least 15 bait websites integrated with hidden crypto drainers were detected. Users are lured with promises to open an investment account and receive a welcome bonus of $50 in USDT. To activate the "generous" offer, the victim is asked to connect their wallet by scanning a QR code through the official app.

At first glance, the process looks standard: the user approves the integration and signs a transaction request. However, in reality, this action gives scammers full access to withdraw all funds — cryptocurrencies, tokens, and NFTs. Once authorization on the fake website is complete, the malicious software checks the balance with several requests and instantly withdraws all available assets.

Experts identify three main types of bait used in the current campaign:

  • Investment accounts: Promising a bonus for registration.
  • Telegram activity: Offering a profitable purchase of "stars" or internal currency.
  • Bonus programs: Distributing free tokens for connecting a wallet.

It is important to note that this tactic is not new. Several years ago, drainers were actively used in the English-speaking segment, after which their activity declined. Now we are seeing a resurgence, but with a focus on the Russian-speaking audience. Scammers quickly register new domains to replace blocked ones, making the fight against them a game of "cat and mouse."

How to Protect Your Assets

In the current environment, investors need extreme vigilance. It is recommended to completely avoid clicking on suspicious links from advertisements. Always carefully verify the domain name of the site you are on — attackers often register addresses that sound similar to well-known brands. You can check the site's age through Whois services.

Additionally, remember: brokerage activities in Russia are only possible with a license from the Central Bank. Always check the license and official online resources of the broker on the Central Bank of the Russian Federation website. Verify any promotions and bonuses exclusively on official platforms. If you come across a suspicious site, you can submit it for verification on the "Antiphishing" platform — specialists will check the information and pass it to regulators for blocking.

Expert opinion: Drainers are an evolved threat that exploits human greed and gullibility. As long as users believe in "free bonuses" from untrusted sources, such schemes will thrive. The only reliable protection is cold storage of assets and completely ignoring any offers that require connecting a wallet to third-party resources.