Following reports that Pavel Durov was arrested in France, a wave of scams sprang up, aimed at cryptocurrency investors and traders who were following the news. The attacks rely on the way information travels in real time across social networks, messaging apps, and online forums, where rumors can spread in minutes. In many cases, criminals target people in Russia and nearby regions, but the pattern has appeared in Canada, the United States, and other markets as well. The scammers push non-existent investment projects tied to Durov, capitalizing on curiosity and fear of missing out, and they seek to lure victims into signing up for supposed opportunities that immediately lead to wallet drainage. The warning comes from a leading analyst in the Digital Risk Protection department of FAS.ST, who notes that the tactic is built on manipulating trusted names to gain quick trust and action. (Source: FAS.ST, Digital Risk Protection)
These scam campaigns typically feature ads that promise free distributions of Toncoin and Notcoin, coins associated with Telegram and its founder. The messages often imitate genuine news from recognizable media outlets, claiming that Pavel Durov’s latest investment vehicle would render every person financially independent and that his arrest was part of a broader plan. The advertised narrative is designed to sound familiar and authoritative, leveraging legitimate-looking templates, logos, and headlines to lower skepticism. For readers in North America, the risk is not limited to a single platform; similar messages have circulated via social feeds, chat groups, and misleading crypto news aggregators, all aiming to drive traffic to bogus websites that request wallet access.
According to the expert from FAS.ST, cryptocurrency holders should be wary of online resources that claim an official connection to Pavel Durov or to reports about his arrest. The scam follows a user flow that starts with a phishing link, moves to a site that prompts users to connect their crypto wallet, and culminates in the user granting transaction permissions. Once access is granted, the malware behind the site can silently interact with the wallet and siphon assets to attacker-controlled addresses. The risk is amplified when users encounter prompts that seem legitimate or come from what appears to be a trusted platform. (Source: FAS.ST, Digital Risk Protection)
The core tool in these campaigns is the crypto drain, a form of malware built to empty wallets swiftly and automatically. The typical sequence involves landing on a phishing page, connecting the wallet, and approving a permission request. With that consent, the malicious code behind the page can initiate transfers or authorize new transactions, moving funds to the attackers in a matter of moments. Victims often discover the loss only after the money has already left their control, sometimes tracing the funds to wallets in other jurisdictions and beyond easy recovery. Experts emphasize that this kind of attack thrives on the ease of copying legitimate-looking interfaces and on the urgency of a fast response to “breaking news.” (Source: FAS.ST, Digital Risk Protection)
Across Canada and the United States, security professionals note a broader pattern in crypto crime that mirrors established online threats: phishing, fake investment pitches, and social engineering. The modern landscape rewards skepticism and verification. Readers are advised to confirm any sensational claim through official channels and to avoid actions that involve connecting a crypto wallet to unfamiliar sites or submitting sensitive credentials. In practical terms, this means verifying URLs, sticking to known exchanges and wallet providers, enabling hardware wallets when possible, and maintaining up-to-date device security. The overarching message is simple: treat high-profile news as a signal to pause, not a trigger to act, and always fact-check before interacting with wallet interfaces or payment requests.