Crypto news

17.06.2026
23:51

A new wave of crypto fraud: drainers attack Russian users

The cryptocurrency market has once again faced a serious threat: at least three hacker groups have launched a large-scale campaign to steal digital assets from Russian investors. The attackers are actively using malicious drainer programs, disguising their schemes as legitimate affiliate programs and investment offers.

Attack Mechanics: How Drainers Work

In late May to early June of this year, analysts from the specialized unit F6 Digital Risk Protection recorded the launch of at least 15 phishing websites covertly embedding crypto drainers. These programs are designed to instantly empty victims' wallets.

The deception scheme works as follows: users are lured to fake resources with the promise of opening an investment account with a welcome bonus of $50 in USDT. To activate this generous offer, the victim is asked to connect their wallet by scanning a QR code through the official app. At first glance, this appears to be a standard verification procedure.

However, in reality, the user independently signs a transaction request, granting the attackers full access to withdraw funds, tokens, and NFTs. Once authorization on the fake site is complete, the malicious software checks the balance with several requests and instantly withdraws all available assets.

Main Types of Bait

Analysts identify three key scenarios for luring victims:

  • Investment accounts: promising a bonus for registration.
  • Telegram activity: offering a profitable purchase of "stars" or internal tokens.
  • Bonus programs: distributing free tokens for connecting a wallet.

F6 specialists have already submitted an official request to block the identified malicious domains. However, as practice shows, fraudsters quickly create new addresses to replace the blocked ones, making the fight against them an endless "cat-and-mouse game."

Notably, drainers are not a new tool. Several years ago, they were actively used against English-speaking users, after which their activity temporarily declined. Now we are witnessing a resurgence of this threat, but with a focus on the Russian-speaking audience. Experts warn: by connecting wallets to suspicious sites that exploit fresh news topics, it is easy to fall victim to scammers.

How to Protect Your Digital Assets

To protect yourself, I recommend following a few simple but critically important rules:

  • Never click on suspicious links from advertisements or unverified sources.
  • Carefully check the domain name of the resource. Fraudsters often register addresses that sound similar to well-known brands. Use Whois services to check the site's creation date — new domains should raise suspicion.
  • Verify licenses and official resources on the website of the Central Bank of the Russian Federation. Brokerage activities in Russia are only possible with the appropriate license.
  • Participate in promotions exclusively on official platforms.
  • Report suspicious websites to the "Anti-Phishing" platform — specialists will verify the information and pass it to regulators for blocking.

My professional opinion: the current wave of attacks is an alarming signal for the entire crypto community. Scammers are becoming increasingly sophisticated, using social engineering and users' trust in "freebies." The only reliable way to protect yourself is a combination of technical literacy and healthy skepticism. Remember: if an offer seems too good to be true, it is likely a trap.