- Singaporean authorities issued a warning about ‘crypto drainers,’ a form of malware used in phishing attacks to steal crypto.
- They have outlined detailed steps for users to safeguard their assets.
- While Singapore has not reported cases of crypto drainers, it has experienced crypto-related financial crimes, including a major money laundering scandal in 2023.
- Although a UN report highlights crypto’s role in underground banking and money-laundering in East and Southeast Asia, it’s noteworthy that criminal activities predominantly still use fiat currency.
Singapore Police Force (SPF) issued a joint statement with Singapore’s Cyber Security Agency (CSA) urging the public to protect themselves from so-called ‘crypto drainers.’
A crypto drainer is malware targeting crypto wallets, usually deployed in phishing attacks. Victims are tricked into clicking a link or opening an attachment, unknowingly authorising a transaction that lets the drainer steal their crypto.
The statement said that with the increasing popularity and adoption of crypto criminals are increasingly targeting users’ wallets.
Operating a Drainer-as-a-Service Style Network
Cybercriminal groups offer “commercial” crypto draining kits and services to less tech-savvy criminals under a Drainer-as-a-Service (DaaS) model. They provide wallet draining scripts, phishing kits, and instructions, charging a percentage of the stolen amount for these services.
The SPF and CSA statement highlighted five steps cybercriminals take:
Launch Phishing Campaign: Cybercriminals publicise fake crypto airdrops on social media or email, sometimes using compromised verified accounts for wider reach and credibility.
Direct Victims to Phishing Website: Victims are led to a website that looks like a token distribution platform, where they’re asked for their crypto wallet details.
Wallet Connection: Victims connect their crypto wallets and authenticate with private keys or seed phrases, setting the stage for theft.
Malicious Smart Contract Interaction: Under the pretence of receiving an airdrop, victims are misled into engaging with a harmful smart contract, enabling cybercriminals to empty their wallets without additional permission.
Asset Transfer and Obfuscation: After gaining control over the wallets, cybercriminals quickly drain them and use methods like cryptocurrency mixers to hide the stolen assets, complicating traceability and recovery efforts.
SPF and CSA Advice on Safeguarding Your Assets
While this sounds alarming, the agencies suggest several ways to reduce the likelihood of falling prey to these cybercriminals:
This should come to no surprise, but the best way to protect yourself in crypto in general is to use a hardware wallet and not give out your seed phrase to anyone.
Also, be wary of attractive offers, if it seems to be too good to believe, it probably is.
Verify smart contract functions prior to interacting with them and know what you agree to before signing transactions.
Use blockchain explorers and wallet interfaces to review and, if necessary, revoke high amounts of tokens.
Research crypto projects and beware of the background of the team before connecting your wallet.
And finally, what is probably one of the best tips – use a new and empty wallet if you are still unsure.
Of course, if you believe you have been compromised, transfer all your crypto to another wallet and contact local authorities as well as your exchange.
Financial Crime on the Rise Across APAC Region
While the agencies said no cases involving crypto drainers have been observed in the city state, Singapore and the region have seen its fair share of crimes where crypto was used. While a money laundering scandal rocked the island nation in late 2023, a recent United Nations report has highlighted the role of crypto in underground banking and money laundering across the East and Southeast Asia region.
It should be noted that this is not limited to crypto of course, and criminal gangs use any means available to them which includes old fashioned online casinos using state-backed fiat.
A 2023 report by the OodaLoop network found that despite high-profile cases like FTX, 99% of the over USD $3 trillion used in illegal activities annually is in fiat money.
Credit: Source link
