Crypto news

18.06.2026
00:23

New wave of crypto drainers: Russian-speaking users in hackers' crosshairs

A large-scale phishing attack targeting Russian-speaking cryptocurrency holders is gaining momentum. At least three hacker groups have deployed malicious drainer programs disguised as lucrative investment offers. Victims are promised easy money, but end up with their wallets emptied.

Attack Mechanism: From Bonus to Complete Asset Loss

In late May to early June, analysts detected at least 15 bait websites equipped with hidden crypto drainers. The scheme is standard but highly effective: users are lured with the promise of opening an investment account with a welcome bonus of 50 USDT. To activate the "gift," they are asked to connect their wallet by scanning a QR code through the official app.

In reality, the victim unknowingly signs a transaction that grants attackers full access to withdraw funds: cryptocurrencies, tokens, and NFTs. Once authorization on the fake site is complete, the drainer instantly checks the balance and withdraws all available assets in a few requests.

Experts highlight three main types of bait:

  • Investment accounts — promising a bonus for registration.
  • Telegram activity — offering a profitable purchase of "stars."
  • Bonus programs — distributing free tokens for connecting a wallet.

Hackers act proactively: as soon as one domain is blocked, they immediately register a new one. According to experts, drainers are not new—they were actively used against English-speaking audiences several years ago, after which their activity subsided. Now we are witnessing a resurgence of this threat, but with a clear focus on Russian-speaking users.

How to Protect Your Digital Assets

The main rule is to never click on suspicious links from advertisements. Always carefully check the domain name of the resource: scammers often register addresses that sound similar to well-known brands. Use Whois services to check the site's creation date—fresh domains should raise particular suspicion.

In Russia, brokerage activities are only possible with a license from the Central Bank. Verify the license and official online resources of the broker on the Central Bank of the Russian Federation's website. Cross-check any promotions and bonuses exclusively on official platforms. If you encounter a suspicious site, send it to the "Anti-Phishing" platform—specialists will verify the information and pass it to regulators for blocking.

Expert opinion: This attack is a vivid example of how social engineering remains the most dangerous tool in the hands of attackers. Even experienced investors can fall for the bait if they do not follow basic digital hygiene rules. I recommend using hardware wallets to store large sums and never connecting them to untrusted web interfaces.