Crypto news

18.06.2026
02:13

A new wave of crypto drainers: how scammers are hunting Russian investors

Cryptocurrency fraud in Russia is reaching a new level. In late May to early June of this year, at least three hacker groups launched a large-scale campaign to steal digital assets from Russians. Their main weapon is so-called "drainers," malicious programs disguised as harmless investment platforms. Cybersecurity experts have already recorded at least 15 fake websites tailored to this scheme.

How it works: the bait with a $50 bonus

The attack mechanism is simple and cynical. Users are offered to open an "investment account" with a promised welcome bonus of 50 USDT. To activate it, the victim is asked to connect their crypto wallet by scanning a QR code through the official app. In reality, this step gives attackers full access to withdraw funds: cryptocurrencies, tokens, and even NFTs.

Once authorization on the fake website is complete, the malicious software instantly analyzes the wallet balance and empties it through several transactions. It is important to understand: the victim independently signs the transaction request, unaware of its true nature.

Three main tricks of scammers

Analysts highlight three key luring scenarios:

  • Investment accounts: promising a bonus for registration.
  • Telegram activity: offering a profitable purchase of "stars" or other internal currencies.
  • Bonus programs: distributing free tokens for connecting a wallet.

It is worth noting that this is not a new threat. Several years ago, drainers were actively used against English-speaking audiences, after which their activity temporarily declined. Now we are witnessing a revival of this tactic, but aimed at Russian-speaking users.

How to protect your assets

Experts strongly recommend completely avoiding clicking on links from advertisements, especially if they promise "freebies." Always verify the domain name of the resource: scammers often register addresses similar to well-known brands. Use Whois services to check the site's creation date—if it is only a few days old, that is a serious red flag.

Additionally, remember: brokerage activities in Russia are licensed by the Bank of Russia. All official resources of legitimate brokers can be verified on the Central Bank's website. Any promotions and bonuses should be verified exclusively on official platforms. If you come across a suspicious site, submit it to the "Anti-Phishing" platform—F6 specialists will check the information and pass it to regulators for blocking.

My expert opinion: this attack is a classic example of social engineering, enhanced by technological tools. Scammers prey on users' greed and gullibility, offering "easy" money. The only reliable protection is thorough verification of any resource before connecting a wallet and using hardware wallets for long-term asset storage. No bonus is worth losing all your savings.