Exposing a Russian Scam Network Stealing TON Tokens & [REDACTED] Numbers

We were asked to assist in a major case involving theft of TON tokens and [REDACTED] numbers.

What shocked us the most wasn't just the theft — but that a Russian scam group was targeting their own Russian users. Our OSINT analysis revealed that many [REDACTED] accounts traced directly to real identities, exposing the [REDACTED] fraud network and their social engineering tactics.

Findings from Inside the Scammer Chats

The internal group chats revealed:

• Over 4,000 scammers operating openly
• Clearly defined team roles
• Databases of stolen TON addresses
• Full links to [REDACTED] handles and real names

They don't even try to hide.

Access the leaked spreadsheet here: Leaked Spreadsheet

Tools for OSINT and Anti-Scam Community

To help researchers and defenders, we developed a public interface to explore leaked scam logs and [REDACTED] groups:

Explore the tool here: Scam Logs Interface

This interface allows you to:

• Filter by scam group
• Extract IDs and link stolen amounts to timestamps
• Track possible victims

No Privacy for Boasting Scammers

Scammers who openly brag about theft and publish stolen data should not expect any privacy or impunity.

This "Rublevka" leak is just one example — many more groups are out there. This cryptocurrency theft investigation is ongoing, and if you're working on scam investigations, feel free to reach out for collaboration.

Together, we can make the crypto and [REDACTED] ecosystem safer by exposing and disrupting these criminal networks.