A new wave of crypto fraud in Russia: drainers are disguising themselves as investment platforms
Russian cryptocurrency holders have faced a large-scale and well-organized attack. At least three hacker groups have launched a campaign to steal digital assets using malicious drainer programs. The attackers skillfully disguise their schemes as legitimate affiliate programs for investors, making the threat particularly insidious.
Digital security experts have recorded the launch of at least 15 bait websites with built-in crypto drainers. These sites, created in late May to early June, mimic official platforms for opening investment accounts. The deception mechanism is honed to perfection.
How the scheme works
The user is offered an enticing bonus — 50 USDT for registration. To activate it, the victim is asked to "connect a wallet" by scanning a QR code through the official wallet app. The unsuspecting investor then approves the transaction request themselves; in reality that approval grants the fraudsters permission to withdraw everything in the wallet: cryptocurrencies, tokens, and NFTs. Once authorization is complete, the drainer immediately queries the balances with a burst of requests and empties the wallet.
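The "transaction request" in the scheme above is, in approval-based drainers, a token approval that names an attacker-controlled address as the spender. As an added example (not code from the article or from any wallet vendor), the following script decodes the two standard approval calls a wallet might be asked to sign, ERC-20 approve(address,uint256) and ERC-721/ERC-1155 setApprovalForAll(address,bool), and returns warnings a wallet or a cautious user could act on before confirming. The function selectors are the standard ones; the spender address and calldata samples are constructed placeholders.

```python
# Added example (not from the article): decode the calldata of a wallet
# transaction request and flag the approval patterns that drainers rely on.
# Selectors are the standard first-4-bytes-of-keccak256 values for
# approve(address,uint256) and setApprovalForAll(address,bool); the
# addresses and calldata below are constructed for illustration only.

UINT256_MAX = 2**256 - 1

SELECTORS = {
    "095ea7b3": "approve",            # ERC-20 approve(address,uint256)
    "a22cb465": "setApprovalForAll",  # ERC-721/1155 setApprovalForAll(address,bool)
}


def _word(data: bytes, index: int) -> bytes:
    """Return the index-th 32-byte ABI word that follows the 4-byte selector."""
    start = 4 + 32 * index
    chunk = data[start:start + 32]
    if len(chunk) != 32:
        raise ValueError("calldata too short for ABI word %d" % index)
    return chunk


def decode_approval(calldata_hex: str) -> dict:
    """Decode an approve/setApprovalForAll call into its fields.
    Any other selector yields {'function': None} so callers can treat it
    as 'not an approval' rather than as an error."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    if len(data) < 4:
        raise ValueError("calldata has no function selector")
    name = SELECTORS.get(data[:4].hex())
    if name is None:
        return {"function": None}
    # An address occupies the low 20 bytes of its 32-byte ABI word.
    spender = "0x" + _word(data, 0)[12:].hex()
    if name == "approve":
        amount = int.from_bytes(_word(data, 1), "big")
        return {"function": name, "spender": spender, "amount": amount}
    approved = int.from_bytes(_word(data, 1), "big") != 0
    return {"function": name, "spender": spender, "approved": approved}


def risk_findings(calldata_hex: str, trusted_spenders=frozenset()) -> list:
    """Return human-readable warnings for a transaction request.
    A drainer needs the victim to approve an attacker-controlled spender,
    so the two questions are: is the spender known, and how much does the
    approval grant?"""
    tx = decode_approval(calldata_hex)
    findings = []
    if tx["function"] is None:
        return findings
    spender = tx["spender"].lower()
    if spender not in {s.lower() for s in trusted_spenders}:
        findings.append(f"{tx['function']} to unknown spender {spender}")
    if tx["function"] == "approve" and tx["amount"] >= UINT256_MAX // 2:
        findings.append("unlimited ERC-20 allowance (effectively all current and future tokens)")
    if tx["function"] == "setApprovalForAll" and tx["approved"]:
        findings.append("operator approval for the entire NFT collection")
    return findings


# Constructed samples. SAMPLE_SPENDER is a placeholder, not a real address.
SAMPLE_SPENDER = "0x" + "ab" * 20
# approve(SAMPLE_SPENDER, 2**256 - 1): the classic "connect your wallet" drain
SAMPLE_UNLIMITED_APPROVE = "0x095ea7b3" + "00" * 12 + "ab" * 20 + "ff" * 32
# setApprovalForAll(SAMPLE_SPENDER, true): hands over a whole NFT collection
SAMPLE_SET_APPROVAL_FOR_ALL = "0xa22cb465" + "00" * 12 + "ab" * 20 + "00" * 31 + "01"
# approve(SAMPLE_SPENDER, 50 USDT): USDT has 6 decimals, so 50 * 10**6 units
SAMPLE_SMALL_APPROVE = (
    "0x095ea7b3" + "00" * 12 + "ab" * 20 + (50 * 10**6).to_bytes(32, "big").hex()
)

if __name__ == "__main__":
    for label, calldata in [("unlimited approve", SAMPLE_UNLIMITED_APPROVE),
                            ("setApprovalForAll", SAMPLE_SET_APPROVAL_FOR_ALL),
                            ("50 USDT approve", SAMPLE_SMALL_APPROVE)]:
        print(label, "->", risk_findings(calldata))
```

The decisive signal is usually the spender, not the amount: a legitimate bonus payout never needs the recipient to grant anyone an allowance at all, so an approval to an address the user has never interacted with is reason enough to reject the request.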
It is worth noting that this is not an isolated incident but a systemic problem. Analysts emphasize that several years ago, such software was actively used against English-speaking audiences, after which its activity subsided. Now we are witnessing a resurgence of this tactic, but with a focus on Russian-speaking users.
Main types of bait
- Investment accounts: Promise of a bonus for registration.
- Telegram activity: Offer of a profitable purchase of "stars" or premium access.
- Bonus programs: Distribution of free tokens for connecting a wallet.
Experts have already sent requests to block the identified malicious domains. However, the problem is that fraudsters quickly create new addresses to replace the blocked ones. This is an endless game of cat and mouse.
How to protect your assets
The first and most important rule is to never click on suspicious links from advertisements. Always carefully check the domain name of the resource. Fraudsters register addresses that sound similar to well-known brands, so use Whois services to check when the domain was registered. A freshly registered domain is a red flag.
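The domain-age check above is easy to automate. As an added example (not from the article), the script below pulls the registration date out of a WHOIS record and flags domains younger than a chosen threshold. The two records are constructed; real WHOIS output differs between registries (the .com registry uses "Creation Date:", the .ru registry uses "created:"), which is why several key spellings and date formats are accepted. The 90-day threshold is an assumption; sites in this campaign were registered only weeks before use.

```python
# Added example (not from the article): extract the creation date from a
# WHOIS record and decide whether the domain is suspiciously new.
# The WHOIS texts below are constructed samples, not real lookups.
import re
from datetime import datetime, timezone
from typing import Optional

# Field names used by common registries/registrars for the registration date
CREATION_KEYS = (
    "Creation Date",
    "created",
    "Registered on",
    "Registration Time",
    "Domain Registration Date",
)

# Timestamp layouts seen in WHOIS output; the first that parses wins
DATE_FORMATS = (
    "%Y-%m-%dT%H:%M:%SZ",
    "%Y-%m-%dT%H:%M:%S%z",
    "%Y-%m-%d",
    "%Y.%m.%d",
    "%d-%b-%Y",
)

_CREATION_RE = re.compile(
    r"^\s*(?:%s)\s*:\s*(\S+)" % "|".join(re.escape(k) for k in CREATION_KEYS),
    re.IGNORECASE | re.MULTILINE,
)


def parse_creation_date(whois_text: str) -> Optional[datetime]:
    """Return the first creation/registration timestamp in a WHOIS record as
    an aware UTC datetime, or None if no recognisable field or format is found."""
    m = _CREATION_RE.search(whois_text)
    if not m:
        return None
    raw = m.group(1).rstrip(".")
    for fmt in DATE_FORMATS:
        try:
            dt = datetime.strptime(raw, fmt)
        except ValueError:
            continue
        return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)
    return None


def domain_age_days(whois_text: str, now: datetime) -> Optional[int]:
    """Age of the domain in whole days at time 'now', or None if unknown."""
    created = parse_creation_date(whois_text)
    if created is None:
        return None
    return (now - created).days


def is_fresh_domain(whois_text: str, now: datetime, threshold_days: int = 90) -> bool:
    """True when the domain was registered fewer than threshold_days ago.
    An unparseable record returns False here; callers that prefer to treat
    'unknown' as suspicious should check domain_age_days() for None."""
    age = domain_age_days(whois_text, now)
    return age is not None and age < threshold_days


# Constructed reference time and WHOIS records
SAMPLE_NOW = datetime(2024, 6, 20, tzinfo=timezone.utc)

SAMPLE_WHOIS_FRESH = """\
Domain Name: EXAMPLE-INVEST-BONUS.COM
Registrar: Example Registrar, LLC
Creation Date: 2024-06-03T11:42:17Z
Registry Expiry Date: 2025-06-03T11:42:17Z
"""

SAMPLE_WHOIS_RU_OLD = """\
domain:        EXAMPLE.RU
state:         REGISTERED, DELEGATED, VERIFIED
created:       2011-04-18T12:00:00Z
paid-till:     2025-04-18T21:00:00Z
"""

SAMPLE_WHOIS_NO_DATE = """\
Domain Name: EXAMPLE.ORG
Domain Status: clientTransferProhibited
"""

if __name__ == "__main__":
    for label, record in [("fresh .com", SAMPLE_WHOIS_FRESH),
                          ("old .ru", SAMPLE_WHOIS_RU_OLD),
                          ("no date", SAMPLE_WHOIS_NO_DATE)]:
        print(label, "age:", domain_age_days(record, SAMPLE_NOW),
              "fresh:", is_fresh_domain(record, SAMPLE_NOW))
```

Feed it the raw output of a WHOIS lookup for the domain in the advertisement; a registration date a few weeks old on a site claiming to be an established broker is exactly the mismatch the article warns about.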
Additionally, remember that brokerage activities in the Russian Federation are licensed by the Bank of Russia. The legitimacy of a company and its official resources can always be verified on the Central Bank's website. Cross-check any promotions and bonuses exclusively on official platforms. If you doubt a site, submit it for verification to specialized anti-phishing platforms.
Expert opinion: This attack is a vivid example of how social engineering and technical vulnerabilities merge together. Greed for "free" bonuses is the main enemy of security. Until users learn that there is no such thing as a free lunch, such schemes will thrive. The only reliable protection is cold storage and total skepticism towards any offers to "connect a wallet."