Dangerous investment: amid the growth of bitcoin, a new fraudulent scheme has entered the Russian Federation

Cybersecurity companies have identified several hundred attempts to use a new fraudulent scheme in Russia. This time, the potential victims are those who have ever been interested in cryptocurrency — the attackers are exploiting this particular legend. People receive calls allegedly from well-known HR agencies who are looking for a client for their partner and offer to cooperate. Then a "specialist in working with a crypto exchange" contacts the person and forces them to download special applications. This is how fraudsters gain access to the victim's funds. For more information, see the Izvestia article.

Which scammers are exploiting the topic of cryptocurrency

The attackers have implemented a new fraud scheme aimed at people who are interested in cryptocurrency, representatives of the Bi.Zone Brand Protection platform told Izvestia. Several hundred cases of its use have now been identified, but this is only the beginning, experts warn.

"We expect that scammers may become more active against the background of the rapid growth of the bitcoin exchange rate, which is close to a historical maximum," said Dmitry Kiryushkin, head of the platform. — The deception scenario looks quite convincing. By creating the illusion of honesty and openness, criminals claim that their benefit is a percentage of the user's net income.

Photo: TASS/dpa/picture-alliance/Silas Stein

The new scheme is implemented in two stages. First, scammers write to a potential victim on behalf of a real-life recruitment agency. His fake employees explain that they are looking for a partner for the agency and offer the victim to cooperate with him.

Next, the agency's "partner" comes from another account, posing as a specialist in working with the Binance cryptocurrency exchange. He describes in detail the earnings scheme, similar to a bank deposit: by replenishing the account, the user can receive interest. For passive earnings, you need to download the official applications of the Trust Wallet crypto wallet and one of the crypto exchanges — MEXC or Bitget.

Running for cryptography: the Central Bank will launch large-scale checks of virtual assets

The regulator intends to protect the banking system from the risks of digital currencies

After the user has registered and replenished the account, the scammers create an account in Binance, specifying the victim's email address. By clicking on the link sent in the letter of the crypto exchange, the victim links his wallet to the Binance account, which was previously created by the scammers. This is how criminals gain access to funds.

Photo: IZVESTIA/Eduard Kornienko

Dmitry Kiryushkin noted that the attackers do not hide the fact that Binance does not operate in Russia. Thus, they seek to gain the victim's trust in order to convince her to replenish the crypto wallet, and then steal her funds.

Marat Khamidullov, head of the project development team at CFR Axiomica, confirmed the appearance of the "HR agency - client with Binance - interest deposit" link scheme.

"At the same time, address substitution during payment and "refand traps" have become more frequent, when they send a couple of dollars and demand to return the "erroneous $1,000", counting on the recipient's inattention," he said. — There were cases with one-day tokens. As a contractor, they also tried to breed us through fake technical specifications and "test" transactions, which gave attackers broad access rights to wallets and exchanges.

How Crypto Investors are Attacked

In early October 2025, bitcoin updated its historical maximum, exceeding $125 thousand. And although there was a correction to $111 thousand per bitcoin, the exchange rate is still quite high, which traditionally attracts not only investors, but also scammers, said Igor Rastorguev, a leading analyst at AMarkets.

"According to the Interior Ministry, in the first seven months of this year, the damage from cybercrimes in Russia increased by 16% and reached 119.6 billion rubles," he said. — As for the cryptocurrency sphere specifically: in the first half of the year, hackers around the world stole $2.17 billion in digital assets, which already exceeds the figures for the whole of 2024. Scammers are attacking those who used to be interested in investments.

With the rising cost of bitcoin and a new wave of interest in cryptocurrencies, scammers have become more active, confirmed Fyodor Ivanov, director of analytics at AML/KYT provider Shard.

Photo: IZVESTIA/Alexey Maishev

In addition to the activity of criminals in messengers, against the background of the growth of the bitcoin exchange rate, the number of fraudulent domains imitating the original sites may increase, Dmitry Kiryushkin noted. So, since October 1, 39 potentially fraudulent domains containing keywords related to cryptocurrency have been identified in the .ru domain zone.

"During the whole of September, experts found 222 such resources in the Russian domain zone," the expert said.

Card with a bit: a surge in black mining has been recorded in Russia

Which regions are the leaders in the number of illegal digital asset miners

In addition to pseudo-investments, schemes with fake trading platforms are popular, where the user is shown "profit growth" on a fake interface, and it is impossible to withdraw money, added Kirill Levkin, MD Audit project manager (Softline Group).

"Fraudulent mailings on behalf of exchanges, banks and payment systems are gaining momentum, asking them to confirm an account or unfreeze funds," he said. — In addition, social engineering schemes through messengers have become more active, where attackers pose as acquaintances, colleagues, or support representatives. Deepfake calls and fake pages of reputable media are often used to legitimize deception.

Photo: IZVESTIA/Sergey Vinogradov

In most cases, attackers steal funds using social engineering methods, said Fyodor Ivanov, noting that the data was obtained on the basis of requests from the company's customers.

"Such cases account for about 35% of all requests for help in finding stolen assets or assistance in initiating criminal proceedings," the expert said. — Most often, these are fake investment helpers and offers to make quick money through "break-even" schemes of crypto-arbitrage or depositing funds.

There has also been an increase in the popularity of "romantic" fraud schemes and fictitious job offers. In both cases, the victim is ingratiated with, and then, under a specific pretext, they are asked to either download an application from a link, link a crypto wallet to some dubious program, or transfer funds to another account.

Photo: IZVESTIA/Anna Selina

The second place, according to Fyodor Ivanov, is occupied by financial pyramids.

Often, investment scammers, under the guise of official applications or bots, offer to connect a wallet, make a deposit and receive interest, and then gain access to the seed phrase (the main key to the crypto wallet) and withdraw money, said Marat Khamidullov from CFR Axiomica.

"Another scheme is a one-day token," he said. — Scammers launch their token, hype it up, people buy, and the creators suddenly take away the liquidity — it's already impossible to sell. Another scheme to deceive developers: they send a "technical assignment" or a code file and ask them to "sign for the test" — in fact, you give the rights to your wallet or project funds.

Exchanges pocket: what the biggest $1 billion cryptojacking will lead to

ByBit's security system was breached by North Korean group Lazarus - how to protect your funds now

How to protect yourself from scammers

All schemes have one thing in common: criminals use the haste factor and the authority of "well-known brands" in the crypt, as well as hide dangerous permissions in unobvious details, experts noted.

— To protect yourself, you need to remain vigilant and critical thinking, — said Dmitry Kiryushkin from Bi.Zone Brand Protection. — In case of any doubt, it is better to abandon investments. Intruders may be hiding behind overly profitable offers.

According to Kirill Levkin, the main rule is not to transfer funds or connect wallets on the advice of strangers, especially if the conversation starts in messengers or social networks.

Photo: IZVESTIA/Dmitry Korotaev

"Check website addresses, domains, and applications only through official sources," he stressed. — Never transmit seed phrases and confirmation codes, even if you receive a message from the support service. Use only licensed platforms for investments, and avoid promises of higher-than-market returns. Set up two-factor authentication and login notifications, and keep large amounts in cold wallets.

It is not necessary to make financial decisions under pressure and in a hurry, said Igor Rastorguev from AMarkets.

"If you have become a victim of fraud or noticed suspicious activity, it is important to report their addresses to cryptanalytic services," added Fyodor Ivanov from Shard. — This will not only allow other users to find out about these addresses, but also complicate the withdrawal of stolen funds.

If something goes wrong, you should immediately contact law enforcement agencies and the stock exchange where the incident occurred. The faster the reaction, the higher the chances of blocking the withdrawal of funds, the experts concluded.