Crypto news

18.06.2026
03:29

A new wave of crypto phishing: how scammers drain Russians' wallets using drainers

The cryptocurrency landscape has once again faced a serious threat. Analysts have recorded at least three hacker groups specifically targeting Russian users with malicious drainer programs. These tools, disguised as legitimate investment affiliate programs, represent one of the most dangerous threats to digital asset holders today.

The mechanics of the attacks are meticulously planned. From late May to early June, the attackers launched at least 15 phishing bait sites. Users are lured with promises of opening an investment account and receiving a welcome bonus of $50 in USDT. However, to activate this "generous" offer, the victim is asked to connect their crypto wallet by scanning a QR code through the official app.

At first glance, the process looks harmless. The user independently approves the integration and signs the transaction request. But in reality, this step gives scammers full access to withdraw all funds: cryptocurrencies, tokens, and even NFTs. Once authorization on the fake site is complete, the malicious software checks the balance in seconds and instantly empties the wallet with multiple requests.

Main Deception Schemes

Experts highlight three key types of bait used in this campaign:

  • Investment accounts: Promising a bonus for registration and wallet connection.
  • Telegram activity: Offering a profitable purchase of "stars" or other in-platform assets.
  • Bonus programs: Distributing free tokens for connecting a wallet.

It is important to understand that this is not an isolated incident, but a new wave of an old threat. Previously, similar drainers were actively spread among English-speaking users, after which their activity declined. Now, we are witnessing a targeted attack on the Russian-speaking audience. The attackers exploit current news topics, creating fake resources that are difficult to distinguish from real ones.

Experts strongly recommend exercising extreme caution. Never click on links from advertisements, carefully verify the domain name of the resource, and check its creation date via Whois services. Remember that legal brokerage activities in Russia are only conducted with a license from the Central Bank, and all official resources can be verified on the regulator's website. Any suspicious sites should be sent to the "Anti-Phishing" platform for blocking.

Analyst's opinion: This attack is a vivid example of how social engineering remains the weakest link in digital asset security. Wallet protection technologies are improving, but human greed and gullibility continue to bring millions to attackers. The only reliable method of protection is cold storage and absolute paranoia regarding any "free" offers.