Rublevka Team: Anatomy of a Russian Crypto Drainer Operation
ID: cfd69501-5c34-5cb0-907f-9e41f946bbe4
STIX ID: report--cfd69501-5c34-5cb0-907f-9e41f946bbe4
Feed Name: Recorded Future Blog
Rublevka Team is an affiliate-based crypto-scam operation that uses a JavaScript “drainer” embedded in phishing landing pages (impersonating airdrops, exchanges, and DeFi services) to trick Solana wallet users into signing transactions that transfer assets to attacker-controlled addresses. The report details the group's recruitment, its Telegram bot and channels, domain and infrastructure rotation, the drainer's functionality and modes (e.g., Honeypot, Crasher), IoCs (domains, file hashes, RPC endpoints, and ~160 Solana addresses), and observed profits totaling roughly $10.9M as of Dec 2025.
