Crypto news

18.06.2026
04:15

New wave of crypto drainers: how hackers are emptying Russians' wallets

The digital asset market has once again faced a large-scale threat. Fraudulent groups have intensified attacks on Russian users, using malicious software — so-called drainers. According to my data, at least three hacker groups have launched campaigns aimed at emptying crypto wallets, disguising their schemes as legitimate affiliate programs for investors.

Attack Mechanics: From Bonus to Theft

In late May to early June, the attackers launched at least 15 bait websites integrated with hidden crypto drainers. These programs are designed for instant fund withdrawal. Users are lured with the promise of opening an investment account and receiving a welcome bonus of $50 in USDT. To activate the "generous offer," the victim is asked to connect their wallet by scanning a QR code through the official app.

In reality, by approving the integration, the user themselves signs a transaction that grants hackers full access to withdraw cryptocurrency, tokens, and NFTs. Once authorization on the fake website is complete, the drainer checks the balance with several requests and instantly withdraws all available funds. This is a classic, but no less dangerous, scheme.

Analysts from the specialized unit F6 Digital Risk Protection have already submitted an official request to block the identified malicious resources. However, as practice shows, fraudsters quickly create new addresses to replace closed domains. According to Maria Sinitsyna, Senior Analyst at the Digital Risk Protection department, drainers are not being used for the first time: several years ago, this software was actively distributed among English-speaking users, after which its activity declined. A new wave is now being recorded, targeting the Russian-speaking audience.

Main Types of Bait

I have identified three key scenarios used by the attackers:

  • Investment accounts: promising a bonus for registration.
  • Telegram activity: offering a profitable purchase of stars.
  • Bonus programs: giving away free tokens for connecting a wallet.

How to Protect Your Assets

Investors need to exercise extreme caution. I strongly recommend completely avoiding clicking on suspicious links from advertisements. Carefully verify the domain name of the resource: fraudsters often register addresses that sound similar to well-known brands. Check the website's creation date through Whois services.

Furthermore, remember: brokerage activities in the Russian Federation are only conducted with a license from the Bank of Russia. Always check the broker's license and official internet resources on the Central Bank's website. Verify any promotions exclusively on official platforms. If a website raises doubts, send it to the "Anti-Phishing" platform — F6 specialists will check the information and pass it to regulators for blocking.

Expert Commentary: The current wave of drainers is a vivid example of how cybercriminals adapt old schemes for new audiences. The Russian cryptocurrency market, despite regulatory uncertainty, remains an attractive target for hackers. The only reliable method of protection is cold storage of assets and a complete refusal to connect wallets to unverified web interfaces. Do not believe in free bonuses — they do not exist.