A security analysis of the Rublevka Team describes a Russian crime syndicate that has stolen over $10 million in cryptocurrency since 2023 by running a highly automated scam‑as‑a‑service platform for Solana and other assets. Affiliates use a Telegram bot to generate fake landing pages, impersonate trusted brands such as Phantom, Jito, or Bitget, and spread malicious links that lure victims into signing fraudulent transactions.
According to Insikt Group, the operation shifted from targeting The Open Network (TON) to SOL in spring 2025, and its latest campaign accounts for the majority of its total revenue, at around $8.2 million. The drainer tool is said to support more than 90 different wallet types. The top earners’ profits are tracked in a private Telegram channel, where one user, listed as “hard working guy”, is valued at over $1.3 million.
The Rublevka Team’s model is described as a maturation of cybercrime‑as‑a‑service, lowering entry barriers and enabling a global pool of low‑skill threat actors to conduct high‑volume theft.