Anatomy of a Russian Crypto Drainer Operation
Essential information
- Published
- 04/02/2026 15:24
- Modified
- 04/02/2026 21:20
- Tags
- 2026-02-04, affiliate program, brand impersonation, cryptocurrency theft, javascript drainer, phishing, social engineering, solana, wallet draining
- Related entities
- 18 observables, 1 intrusion set (apt), 30 others
Description
A major cybercriminal operation known as Rublevka Team has stolen more than $10 million in cryptocurrency since 2023. The group runs a network of social engineering specialists who steer victims to malicious pages impersonating legitimate crypto services. Custom JavaScript on those pages prompts the victim to connect a wallet and then to approve transactions that drain it; no software vulnerability is exploited, the victim signs. Rublevka Team's infrastructure is fully automated and is offered to affiliates as a toolkit for running high-volume scams. This affiliate model is a growing threat to cryptocurrency platforms and to the brands being impersonated, which face reputational and legal exposure. The group's rapid domain rotation and its focus on lower-fee chains such as Solana undermine traditional fraud detection.
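The connect-then-sign flow summarised above, shown as an added illustration that is not part of the original page and is not the group's own tooling. Everything in it is constructed: FakeWalletProvider stands in for a browser wallet object such as window.solana, drainerPageFlow models what a lure page does once the victim clicks "connect", and riskScoreTransaction is one possible wallet-side check. The addresses, balances, the 5,000-lamport fee reserve and the 90% threshold are all this example's assumptions.

```javascript
// Added illustration of the connect-then-sign flow a JavaScript drainer depends on.
// Everything here is constructed: FakeWalletProvider stands in for a browser wallet
// object such as window.solana, and addresses, balances and function names are
// this example's own assumptions, not artefacts of the Rublevka Team operation.

const LAMPORTS_PER_SOL = 1_000_000_000;   // Solana's unit: 1 SOL = 1e9 lamports
const FEE_RESERVE_LAMPORTS = 5000;        // assumed buffer the drainer leaves for the network fee

// Synchronous stand-in for a Phantom-style provider (the real API is Promise-based).
// `guard` is the wallet-side check run before the user is asked to approve a transaction.
class FakeWalletProvider {
  constructor(publicKey, balanceLamports, guard) {
    this.publicKey = publicKey;
    this.balanceLamports = balanceLamports;
    this.connected = false;
    this.guard = guard;
    this.knownRecipients = new Set();   // addresses this wallet has previously paid
    this.sent = [];
  }
  connect() { this.connected = true; return { publicKey: this.publicKey }; }
  getBalance() { return this.balanceLamports; }
  signAndSendTransaction(tx) {
    if (!this.connected) throw new Error('wallet not connected');
    const verdict = this.guard(tx, this.balanceLamports, this.knownRecipients);
    if (verdict.block) return { status: 'rejected', reason: verdict.reason };
    this.balanceLamports -= tx.lamports;
    this.knownRecipients.add(tx.to);
    this.sent.push(tx);
    return { status: 'sent', signature: `sig-${this.sent.length}` };
  }
}

// What a lure page does after the victim clicks "connect" or "claim": connect, read the
// balance, build a single transfer of (almost) everything to the operator's address, and
// present it for signing under a benign label. No exploit is involved; the victim signs.
function drainerPageFlow(provider, operatorAddress) {
  const { publicKey } = provider.connect();
  const balance = provider.getBalance();
  const tx = {
    from: publicKey,
    to: operatorAddress,
    lamports: Math.max(0, balance - FEE_RESERVE_LAMPORTS),
    label: 'Claim airdrop',               // what the approval prompt shows the victim
  };
  return provider.signAndSendTransaction(tx);
}

// Permissive guard: approves anything (a wallet with no pre-sign simulation).
function noGuard() { return { block: false, reason: '' }; }

// Defensive guard: flag a transfer that empties the account to a never-seen recipient.
// The 90% threshold is an assumed tuning value.
function riskScoreTransaction(tx, balanceLamports, knownRecipients) {
  const fraction = balanceLamports > 0 ? tx.lamports / balanceLamports : 0;
  const unknownRecipient = !knownRecipients.has(tx.to);
  const reasons = [];
  if (fraction >= 0.9) reasons.push(`moves ${(fraction * 100).toFixed(1)}% of balance`);
  if (unknownRecipient) reasons.push('recipient never paid before');
  return { block: fraction >= 0.9 && unknownRecipient, reason: reasons.join('; ') };
}

// Run the same lure against an unguarded and a guarded wallet; returns both outcomes.
function runScenario(operatorAddress = 'OperatorAddr111', startLamports = 2 * LAMPORTS_PER_SOL) {
  const unguarded = new FakeWalletProvider('VictimAddr111', startLamports, noGuard);
  const guarded = new FakeWalletProvider('VictimAddr222', startLamports, riskScoreTransaction);
  return {
    unguarded: { result: drainerPageFlow(unguarded, operatorAddress), remaining: unguarded.getBalance() },
    guarded: { result: drainerPageFlow(guarded, operatorAddress), remaining: guarded.getBalance() },
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(runScenario(), null, 2));
}
```

The point for defenders is that nothing in the flow exploits a bug: the wallet does exactly what the victim approves. Mitigation therefore lives in the approval step (simulating the transaction and warning when it empties the account to an unknown address, as the guarded wallet does here) and, on the brand side, in monitoring for lookalike domains before victims reach the connect button.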