Singapore authorities have issued a cybersecurity warning to citizens after noticing an increase in the use of crypto scammers or wallet drainers to steal money from investors across the ecosystem. The Singapore Police Force (SPF) and the Singapore Cyber Security Agency (CSA) have published a joint advisory to raise awareness of cyber attacks involving crypto drainers, a type of malware targeting crypto wallets.
Noteworthy Announcement in Singapore
Phishing attacks exploit crypto drainers to withdraw money unauthorizedly from users’ wallets. Officials expressed concerns about crypto drainer kits that allow novice cybercriminals to launch attacks with ordinary malware without any upfront cost. Instead, attackers using the DaaS (Drainer-as-a-Service) model share a predetermined percentage of the captured assets with the service provider.
As SPF and CSA pointed out, attacks related to crypto drainer kits start with phishing campaigns and often involve hacking leading social media accounts or sending fake emails to users from hacked databases of major service providers.
Users clicking on phishing links are redirected to a fake exchange website that requests them to connect their Web3 wallets. This allows hackers to add a malicious smart contract to the user’s system, enabling withdrawals without further authorization.
Crypto and Security Concerns
According to authorities, such an attack has not yet been reported in Singapore. However, this practice continues to gain recognition among hackers. MS Drainer, a popular ready-to-use crypto drainer, helped hackers steal $59 million worth of cryptocurrency in 2023.
The stolen funds are often laundered using services like cryptocurrency mixers that hinder traceability and greatly reduce the chances of recovery. Singapore authorities recommend using hardware wallets for security against wallet drainer attacks, among other measures.
Officials advising crypto investors to conduct comprehensive research also ask citizens to report such incidents to authorities and crypto service providers. Most importantly, in such situations, victims should cancel suspicious token approvals and transfer remaining funds to a different secure wallet address to prevent further loss.
