A new wave of crypto fraud in Russia: how drainers empty wallets
Russian cryptocurrency holders have faced an organized threat of a new level. At least three hacker groups have launched a massive attack using malicious software — so-called drainers. These programs are designed to instantly empty crypto wallets, and the attackers skillfully disguise their schemes as legitimate investment offers.
According to analysts from the specialized unit F6 Digital Risk Protection, in late May to early June, fraudsters launched at least 15 bait websites. The mechanics are simple and cynical: users are promised an investment account with a welcome bonus of $50 in USDT. To activate it, they need to connect their wallet by scanning a QR code through the official app.
The unsuspecting victim independently signs a transaction request. However, in reality, this step grants hackers full access to withdraw all digital assets: cryptocurrencies, tokens, and even NFTs. Once authorization on the fake site is complete, the drainer checks the balance with a series of requests and instantly withdraws all available funds.
Main Luring Schemes
Experts have identified three key types of bait used by attackers:
- Investment accounts — promising a registration bonus.
- Telegram activity — offering a profitable purchase of "stars" in the messenger.
- Bonus programs — distributing free tokens for connecting a wallet.
It is important to note that drainers are not a new technology. Several years ago, they were actively used against English-speaking users, after which their activity temporarily declined. Now we are witnessing a resurgence of this threat, but with a focus on the Russian-speaking audience. Hackers quickly create new domains to replace blocked ones, making the fight against them particularly challenging.
How to Protect Your Assets
Experts recommend completely avoiding clicking on suspicious links from advertisements. Always carefully check the domain name of the resource you are on. Fraudsters often register addresses that sound similar to well-known brands. Use Whois services to check the creation date of the site — fresh domains should raise suspicion.
Remember that brokerage activities in the Russian Federation are only possible with a license from the Bank of Russia. You can verify the legitimacy of a company and its official internet resources on the Central Bank's website. Cross-check any promotions and bonuses exclusively on official platforms. If you find a suspicious site, send it to the "Antiphishing" platform — F6 specialists will verify the information and pass it to regulators for blocking.
My comment: This campaign is a vivid example of how classic social engineering methods are adapting to new technological realities. Drainers are becoming increasingly accessible even to less technically savvy attackers, which sharply raises risks for ordinary investors. In current conditions, the only reliable protection is a combination of technical literacy and healthy skepticism. Never connect your wallet to unverified resources, even if the promise of a bonus seems tempting.