First, the victim receives a message from a supposed recruitment agency representative, claiming to be looking for clients for a partner and offering the potential investor a lucrative partnership. Then, a "partner" from the agency contacts them from another account, claiming to be a specialist with Binance, the largest crypto exchange. They describe in detail the process of passive income, similar to a bank deposit: simply top up the account, and interest accrues. To participate, the victim is asked to install the Trust Wallet cryptocurrency wallet app and one of the crypto exchanges—MEXC or Bitget.

After registration and depositing funds, the scammers create an account on Binance using the victim's email address. After receiving a link in the email, the victim confirms their connection to this account, thereby granting the scammers access to their funds. The criminals deliberately emphasize the fact that Binance does not operate in Russia, using this as a way to instill trust and persuade the victim to top up their crypto wallet.

Marat Khamidullov, head of the blockchain development team at CMO Axiomica, also reported the emergence of a "HR agency – Binance client – ​​interest-bearing deposit" link. He noted an increase in the number of cases of payment address substitution and so-called "refund traps": they send a couple of dollars and then demand a refund of the "erroneous" thousand, preying on the client's inattention. Furthermore, there have been cases involving one-day tokens and attempts to deceive through fake technical specifications and "test transactions," which grant attackers broad rights to manage users' wallets and accounts.

Fedor Ivanov, Director of AML/KYC Analytics at Shard, confirmed that with the rise in the Bitcoin exchange rate, fraudulent activity has increased. At the same time, the number of fake domains imitating real websites has also increased. According to Dmitry Kiryushkin, head of the Bi.Zone Brand Protection platform, since October 1 alone, 39 suspicious resources containing cryptocurrency-related terms in their names have been detected in the .ru domain zone. In September, 222 such sites were identified.

Kirill Levkin, Project Manager at MD Audit (Softline Group), noted that popular fraudulent methods include pseudo-investment platforms with fake interfaces: users are shown "increasing profits," but withdrawals are impossible. Mass mailings purporting to be from exchanges, banks, and payment systems, asking users to confirm accounts or unfreeze funds, are also gaining momentum. Social engineering attacks via instant messaging have become more common: scammers pretend to be acquaintances, company employees, or customer support representatives. Deepfake calls and fake media accounts are often used to create a sense of credibility.

Previously, Dmitry Kirillov, a lawyer and advisor at Lidings, stated that legal restrictions are forcing Russian drivers looking to buy a car with cryptocurrency to seek help from intermediaries. However, such transactions are extremely risky: crypto assets can be stolen, and the car may not be delivered.