Crypto news

17.06.2026
21:19

A new wave of crypto fraud in Russia: drainers are disguising themselves as investment platforms

Russian cryptocurrency holders have faced a large-scale attack organized by at least three hacker groups. The attackers are actively using malicious software — drainers — disguised as legitimate affiliate programs for investors. This is not just another phishing scenario, but a well-thought-out scheme aimed at emptying wallets.

Attack Mechanics: From Bonus to Complete Loss of Funds

From the end of May to the beginning of June, analysts from the specialized division F6 Digital Risk Protection recorded the launch of at least 15 bait websites hiding crypto drainers. The deception mechanism works as follows:

  • Users are lured with a promise to open an investment account and receive a welcome bonus of $50 in USDT.
  • To activate the "generous" offer, the victim is asked to connect their wallet by scanning a QR code through the official application.
  • As a result, the user independently signs a transaction request, which in reality gives the attackers full access to withdraw all funds: cryptocurrencies, tokens, and NFTs.
  • Once authorization on the fake website is complete, the malicious software instantly checks the balance and withdraws all available assets with several requests.

Experts identify three main types of bait: investment accounts with a bonus promise, offers to profitably purchase stars on Telegram, and giveaways of free tokens for connecting a wallet. All these schemes share one thing — the requirement to connect a wallet on a suspicious resource.

Why Is This Especially Dangerous Now?

Maria Sinitsyna, Senior Analyst at the Digital Risk Protection Department of F6, notes that drainers are not new. Several years ago, they were actively spreading among English-speaking users, after which their activity declined. However, a new wave is now being recorded, specifically targeting a Russian-speaking audience. The expert urges cryptocurrency holders to be especially cautious with resources exploiting fresh news topics: connecting wallets to dubious sites is a direct path to losing funds.

Recommendations for Asset Protection

To avoid becoming a victim of scammers, it is necessary to follow several simple but critically important rules:

  • Completely refrain from clicking on suspicious links from advertisements.
  • Carefully verify the domain name of the resource you are on. Attackers often register domains that sound similar to well-known brands.
  • Check the website's creation date via Whois services — fresh domains should raise suspicion.
  • Remember that brokerage activities in the Russian Federation are only carried out with a license from the Bank of Russia. Verify the license and official internet resources of the broker on the Central Bank's website.
  • Always verify any promotions exclusively on official platforms.
  • A suspicious website can be sent to the "Anti-Phishing" platform — F6 specialists will check the information and forward it to regulators for blocking.

Expert Opinion: This new wave of attacks is a vivid example of how scammers adapt old schemes to new realities. The key vulnerability remains the human factor: the desire to get a "free" bonus or a profitable offer outweighs common sense. Until users develop the habit of checking every step, drainers will continue to find their victims.