Crypto news

18.06.2026
05:51

New wave of crypto drainers: how scammers are emptying Russians' wallets

The digital asset market in Russia has faced an aggressive attack. At least three hacker groups have launched a large-scale campaign to steal cryptocurrency using malicious software — drainers. The attackers skillfully disguise their schemes as legitimate affiliate programs for investors, and victims unknowingly grant access to their funds.

From late May to early June of this year, analysts from the specialized division F6 Digital Risk Protection recorded the launch of at least 15 bait websites integrated with crypto drainers. These programs are designed for a single purpose: to instantly empty the connected wallet. The attack mechanics have been honed to the point of full automation.

Users are lured to fake resources with promises of opening an investment account and receiving a welcome bonus of 50 USDT. To activate the "generous" offer, the victim is asked to connect their wallet by scanning a QR code through the official app. As a result, the user personally signs a transaction request that actually grants the fraudsters full access to withdraw not only cryptocurrency but also tokens and NFTs.

Once authorization on the fake site is complete, the malicious software checks the balance with several requests and instantly withdraws all available funds. The investor is left with no chance to react.

Main Tricks of Scammers

Experts have identified several key schemes that are actively being used today:

  • Investment accounts: Promising a bonus for registration and wallet connection.
  • Telegram activity: Offering a profitable purchase of "stars" or other internal currencies.
  • Bonus programs: Distributing free tokens for connecting a wallet.

Notably, drainers are not a new threat. Several years ago, they were actively spread among English-speaking audiences, after which their activity declined. However, we are now seeing a clear relaunch of the campaign, specifically targeting Russian-speaking users. The scheme organizers quickly register new domains to replace blocked ones, making the fight against them a game of "cat and mouse."

How to Protect Your Assets

Experts provide clear recommendations. First and foremost, avoid clicking on suspicious links from advertisements. Carefully verify the domain name of the resource — attackers often register addresses that sound similar to well-known brands. You can check the site's creation date through Whois services: if the domain is only a few days old, it's a red flag.
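The two checks from this paragraph, domain age and similarity to a known brand, as an added Python example (not code from F6 or from this article). The domain names and WHOIS excerpts are constructed, and the 30-day age cutoff and 0.8 similarity threshold are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timezone
from difflib import SequenceMatcher

# Registration-date fields: gTLD registrars print "Creation Date:",
# the .ru registry prints "created:". Both carry ISO 8601 timestamps.
CREATED_RE = re.compile(r"^\s*(?:Creation Date|created)\s*:\s*(\S+)",
                        re.IGNORECASE | re.MULTILINE)

def creation_date(whois_text):
    """Return the registration date from raw WHOIS text, or None."""
    m = CREATED_RE.search(whois_text)
    if not m:
        return None
    try:
        dt = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
    except ValueError:
        return None
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def lookalike_of(domain, brands, threshold=0.8):
    """Return the known brand domain this one imitates, if any."""
    label = domain.lower().split(".")[0]
    for brand in brands:
        ratio = SequenceMatcher(None, label, brand.lower().split(".")[0]).ratio()
        if domain.lower() != brand.lower() and ratio >= threshold:
            return brand
    return None

def assess(domain, whois_text, brands, now, min_age_days=30):
    """List the red flags for a site; an empty list means none found."""
    findings = []
    created = creation_date(whois_text)
    if created is None:
        findings.append("no registration date in WHOIS")
    elif (now - created).days < min_age_days:  # assumed cutoff, tune as needed
        findings.append(f"registered {(now - created).days} days ago")
    brand = lookalike_of(domain, brands)
    if brand:
        findings.append(f"resembles {brand}")
    return findings

# Constructed sample data: hypothetical domains and WHOIS excerpts.
BRANDS = ["example-invest.example"]
NOW = datetime(2026, 6, 18, tzinfo=timezone.utc)
FAKE_WHOIS = "domain:   EXAMP1E-INVEST.EXAMPLE\ncreated:  2026-06-14T09:12:33Z\n"
REAL_WHOIS = "Domain Name: EXAMPLE-INVEST.EXAMPLE\nCreation Date: 2015-03-02\n"

if __name__ == "__main__":
    print(assess("examp1e-invest.example", FAKE_WHOIS, BRANDS, NOW))
    print(assess("example-invest.example", REAL_WHOIS, BRANDS, NOW))
```

A missing registration date is reported as a finding of its own rather than treated as a pass, since redacted or unparseable WHOIS output says nothing about how old the domain is.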

Since brokerage activities in the Russian Federation are only possible with a license from the Bank of Russia, always check for its presence and the broker's official internet resources on the Central Bank's website. Any promotions and bonuses should be verified exclusively on official platforms. If you come across a suspicious site, you can send it for verification on the "Antiphishing" platform — F6 specialists will check the information and pass it to regulators for blocking.

Cryptalist analyst's opinion: This attack is an alarming signal for the entire market. Scammers have moved to a new level of social engineering, exploiting users' trust in bonuses and "freebies." The only reliable protection is cold storage of large sums and a principled refusal to connect a wallet to any unfamiliar sites, even if they look like "investment platforms."