Singapore’s authorities have issued a critical cybersecurity warning due to an increase in the use of cryptocurrency drainers, also known as wallet drainers. These are being used to illicitly siphon funds from investors within the cryptocurrency ecosystem.
The Singapore Police Force (SPF) and the Cyber Security Agency of Singapore (CSA) have collaboratively issued an advisory. This advisory aims to heighten public awareness about the risks of cyberattacks involving crypto drainers. These drainers are a form of malware specifically targeting cryptocurrency wallets, often deployed through phishing attacks to withdraw funds from users’ wallets without permission.
The advisory highlights the growing concern over commercially available crypto draining kits. These kits enable even inexperienced cybercriminals to access sophisticated malware with no initial cost. In the drainer-as-a-service (DaaS) model, the attackers share a predetermined portion of the stolen funds with the malware providers.
The SPF and CSA have identified that these attacks typically begin with phishing campaigns. These campaigns might involve compromising high-profile social media accounts or sending fraudulent emails from hacked databases of major service providers. Victims who inadvertently click on these phishing links are redirected to bogus trading sites, prompting them to connect their Web3 wallets. Subsequently, a malicious smart contract is injected into their system, enabling hackers to withdraw funds without additional authorization.
While such attacks have not been reported in Singapore as per the advisory, their prevalence is growing globally. For instance, MS Drainer, a widely-used crypto drainer, facilitated the theft of $59 million in cryptocurrencies in 2023. The stolen funds are often laundered through services like cryptocurrency mixers, significantly hindering recovery efforts.
To combat these threats, Singaporean authorities recommend using hardware wallets for enhanced security. They also advise crypto investors to conduct extensive research and report any incidents to both the authorities and the affected crypto service providers.
In the event of an attack, it is crucial for victims to immediately revoke any dubious token approvals and transfer any remaining funds to a secure wallet address, to prevent further losses.
Get $200 Free Bitcoins every hour! No Deposit No Credit Card required. Sign Up