Singapore authorities issued a cybersecurity warning to citizens after taking notice of the rising use of cryptocurrency drainers or wallet drainers for stealing funds from investors across the ecosystem.
The Singapore Police Force (SPF) and the Cyber Security Agency of Singapore (CSA) issued a joint advisory to raise awareness against cyberattacks involving crypto drainers, a type of malware that targets crypto wallets. Phishing attacks make use of crypto drainers to extract funds from users’ wallets without authorization.
(1/2) As the use of cryptocurrencies become increasingly popular, cybercriminals are also increasingly leveraging crypto drainers to target owners of cryptocurrency wallets.
— CSA (@CSAsingapore) January 31, 2024
The authorities raised concerns about commercial crypto draining kits, which allow novice cybercriminals to arm up with sophisticated malware at no upfront costs. Instead, attackers using the drainer-as-a-service (DaaS) model will split a pre-determined percentage of the loot with the service provider.
As pointed out by the SPF and CSA pointed out, crypto-drainer-related attacks start with phishing campaigns — usually involving hacking into prominent social media accounts or sending out fraudulent emails to users from hacked databases of major service providers.
(2/2) CSA and @singaporepoliceforce have issued an advisory on the use of crypto drainers to facilitate cryptocurrency theft and how individuals can protect themselves from it. Read the join advisory here. https://t.co/FCnjkjrRdE
— CSA (@CSAsingapore) January 31, 2024
Unsuspecting victims who end up clicking the phishing links get redirected to a fake trading website that prompts users to connect their Web3 wallets. A malicious smart contract is then injected into the victim’s system, allowing hackers to withdraw funds without further authorization.
Related: Inferno Drainer says it’s shutting down after helping steal $70M in crypto
Such an attack has not yet been reported in Singapore, according to the advisory. However, the practice has gained recognition among hackers. MS Drainer, a popular off-the-shelf crypto drainer, helped hackers steal $59 million worth of cryptocurrency in 2023.
1/ Alert: A 'Wallet Drainer' has been linked to phishing campaigns on Google search and X ads, draining approximately $58M from over 63K victims in 9 months. pic.twitter.com/ye3ob2uTtz
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 21, 2023
The stolen funds are often siphoned out using services that deter traceability, such as cryptocurrency mixers, and heavily reduce chances for recovery.
Singapore authorities recommended the use of hardware wallets for security against wallet drainer attacks, among other precautions. While advising crypto investors to do thorough research, the advisory asks Singaporeans to report any such incident to the authorities and the crypto service providers.
Most importantly, in such instances, victims must revoke any suspicious token approvals and transfer the remaining funds to a different secure wallet address to avoid further loss of funds.
Magazine: Mystery of Polygon’s missing MATIC: Everyone’s doing it, says ChainArgos