New wave of crypto drainers: how hackers hunt for Russians' wallets
According to my data, at least three hacker groups have launched a large-scale campaign targeting Russian cryptocurrency holders. Attackers are actively using malicious software — drainers — disguising their attacks as legitimate affiliate programs for investors. This is not just another threat, but a systemic challenge to the security of the entire crypto community in the region.
Analysts from the specialized division of F6 Digital Risk Protection have recorded an alarming surge in investment fraud aimed at stealing digital assets. Between late May and early June, attackers launched at least 15 bait websites containing hidden crypto drainers. These programs are designed for one purpose — to instantly empty a connected wallet.
Attack Mechanics: From Bonus to Total Depletion
The deception scheme looks painfully familiar, but is no less dangerous for it. The victim is lured to a fake resource with the promise of opening an investment account and receiving a welcome bonus of $50 in USDT. To activate the "generous" offer, the user is asked to connect their wallet by scanning a QR code with their official wallet app.
In reality, what the user signs is a transaction request that hands the scammers full control over the wallet's assets. Once authorization on the fake site is complete, the drainer queries the balance with several requests and instantly withdraws everything available: cryptocurrency, tokens, and NFTs.
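The defensive counterpart to the step above is to inspect what a connect-and-sign request actually asks for before approving it. The following is an added example, not code from the article or from F6: a wallet-side check that decodes an EVM approval request and flags open-ended access to a spender that is not on an allow-list. It assumes an EVM-compatible chain, ABI-encoded calldata and a user-maintained allow-list, none of which the article names.

```javascript
// Added example (not the article's or F6's code): inspect an EVM transaction request
// before signing. Flags approvals that would give a spender open-ended access to the
// wallet. Assumed: EVM chain, ABI-encoded calldata, user-maintained allow-list.

const SELECTORS = {
  "0x095ea7b3": "approve(address,uint256)",        // ERC-20 allowance
  "0xa22cb465": "setApprovalForAll(address,bool)", // ERC-721/1155 operator approval
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Return the i-th 32-byte ABI word (64 hex chars) after the 4-byte selector.
function abiWord(data, i) {
  const start = 10 + i * 64;
  return data.slice(start, start + 64);
}

// Inspect one request {to, data}; returns {risky, findings}.
function inspectRequest(tx, trustedSpenders = []) {
  const data = (tx.data || "0x").toLowerCase();
  const findings = [];
  if (data.length < 10) return { risky: false, findings }; // plain value transfer, no calldata
  const fn = SELECTORS[data.slice(0, 10)];
  if (!fn) return { risky: false, findings };             // not an approval; out of scope here
  if (data.length < 10 + 2 * 64) {
    findings.push(`${fn}: calldata too short to decode`);
    return { risky: true, findings };
  }
  const spender = "0x" + abiWord(data, 0).slice(24);      // address is right-aligned in its word
  const trusted = trustedSpenders.some(s => s.toLowerCase() === spender);
  let broadAccess;
  if (fn.startsWith("approve(")) {
    const amount = BigInt("0x" + abiWord(data, 1));
    broadAccess = amount === MAX_UINT256;
    if (broadAccess) findings.push(`${fn}: unlimited allowance requested for token ${tx.to}`);
  } else {
    broadAccess = BigInt("0x" + abiWord(data, 1)) === 1n;
    if (broadAccess) findings.push(`${fn}: operator approval over the whole collection ${tx.to}`);
  }
  if (!trusted) findings.push(`spender ${spender} is not on the allow-list`);
  // A broad approval to an unknown spender is exactly what a drainer needs: block it.
  return { risky: broadAccess && !trusted, findings };
}
```

A limited allowance to an unknown spender is reported in `findings` but not blocked, so the caller can decide how loudly to warn for that case.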
F6 specialists have already submitted an official request to block the identified malicious resources. However, as I am well aware, this is only a temporary measure: new domains will replace the closed ones. The scammers operate on the "hydra" principle.
Evolution of the Threat: From the English-Speaking World to Russia
According to Maria Sinitsyna, senior analyst at the Digital Risk Protection department of F6, drainers are not a new technology. Several years ago, this software was actively distributed among English-speaking users, after which its activity declined. Now we are witnessing a revival of the scheme, but with a focus on the Russian-speaking audience.
The expert urges cryptocurrency owners to be extremely cautious with any resources that exploit current news topics. Connecting a wallet to a suspicious site is a direct path to losing all funds.
How to Protect Your Assets
Based on the current situation, I strongly recommend:
- Do not click suspicious links in advertisements.
- Carefully verify the domain name of the resource. Scammers often register addresses that sound similar to well-known brands.
- Check the site's creation date via Whois services. "Fresh" domains are a red flag.
- Verify the broker's license on the Central Bank of Russia website. Check any promotions exclusively on official platforms.
- Report suspicious sites to the "Antiphishing" platform — F6 specialists will verify the information and pass it on to regulators.
My analysis: This attack is a vivid example of how classic phishing methods are adapting to modern DeFi realities. Users accustomed to "free bonuses" and easy money become ideal targets. The only reliable way to protect yourself is total verification of every action and the realization that there is no such thing as a free lunch. Stay vigilant.